The SAFE Wireless Blueprint
| Once again, we are working with a newer technology that is only beginning to be rolled out in large implementations and for which security standards are not yet well developed. Nonetheless, basic ideas remain : If you haven't seen a pattern before, the design fundamentals and axioms of the SAFE Wireless Blueprint should help. Design FundamentalsThe Wireless design fundamentals are also quite straightforward:
The design fundamentals here revolve around knowing who's on the network and limiting what they are allowed to do: authentication not only of devices, but, again, of users. AP management is the same thing: Ensure that your APs are not open to anyone who happens to have a wireless interface. Authorization applies when it comes to using the wired network's resources. Data confidentiality is important because you are dealing with a broadcast medium. In short, wireless is potentially a wide- open network, which offers an ingress for an unauthorized user into your (main) wired network. That is reflected in the axioms as well. AxiomsThe Wireless axioms are few but are no less important:
All networks are targets (surely you've gotten that point by now), but wireless networks can be easier than most for an attacker. When wireless devices must connect through an AP, it is known as infrastructure mode. However, wireless devices can become aware of each other and form an ad hoc network, an informal peer network of wireless devices. If one of those devices is an authenticated device accessing your wired network, you can imagine the consequences. That, coupled with the weaknesses of the initial security implementations (such as WEP, the Wired Equivalent Privacy standard), contributes to hackers being able to use wireless as an attack means. Cisco's recommended security extensions are IPSec, EAP/802.1 x , and LEAP, Cisco's proprietary extension to EAP. |
EAN: 2147483647
Pages: 177