10.5 Other WLAN Security Issues



10.5.1 Rate Limitation

Because 802.11 WLANs use a half-duplex medium, the maximum throughput of 802.11b access points is approximately 5 Mbps. This is shared between simultaneous users on each access point. Administrators may want to limit or control the bandwidth available to a single node on a per-role or per-user basis (also known as rate limiting) to maximize the user experience for all. This type of feature is useful in preventing intentional or unintentional denial-of-service (DoS) attacks that can consume all available bandwidth. For example, an unintentional DoS attack can occur as a result of intensive network tasks such as pushing and pulling very large documents or significant amounts of streaming video through the wireless network. An access point can be saturated with as few as three or four such sessions, resulting in an inadvertent denial of service. Any wireless network zone that serves a significant number of users where uptime is imperative should utilize rate limiting with some type of Class of Service (CoS) moderator.
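The following sketch is an added example, not code from the book or from any gateway vendor. It models per-role token-bucket policing in front of a shared 5 Mbps access point and compares one light user's throughput with and without the limits. The role names, the limit values, the station mix and the proportional-share model of a saturated medium are all assumptions made for illustration.

```python
from dataclasses import dataclass

AP_CAPACITY_BPS = 5_000_000  # ~5 Mbps usable 802.11b throughput, per the text

# Hypothetical role policy in bits per second; roles and values are assumptions.
ROLE_LIMIT_BPS = {"guest": 500_000, "staff": 1_000_000}

@dataclass
class TokenBucket:
    rate_bps: float      # refill rate
    burst_bits: float    # bucket depth
    tokens: float = 0.0

    def grant(self, wanted_bits: float, dt: float) -> float:
        """Refill for dt seconds, then return how many bits may pass."""
        self.tokens = min(self.burst_bits, self.tokens + self.rate_bps * dt)
        sent = min(wanted_bits, self.tokens)
        self.tokens -= sent
        return sent

def simulate(stations, limited, seconds=10, dt=0.1):
    """stations: {name: (role, offered_bps)}. Returns average delivered bps."""
    buckets = {n: TokenBucket(ROLE_LIMIT_BPS[r], ROLE_LIMIT_BPS[r] * dt)
               for n, (r, _) in stations.items()}
    delivered = dict.fromkeys(stations, 0.0)
    for _ in range(round(seconds / dt)):
        offered = {n: bps * dt for n, (_, bps) in stations.items()}
        if limited:  # gateway polices each user before the shared medium
            offered = {n: buckets[n].grant(b, dt) for n, b in offered.items()}
        total = sum(offered.values())
        # Simplified contention model (assumption): when the medium is
        # saturated, capacity is divided in proportion to offered load.
        scale = min(1.0, AP_CAPACITY_BPS * dt / total) if total else 0.0
        for n, b in offered.items():
            delivered[n] += b * scale
    return {n: bits / seconds for n, bits in delivered.items()}

# Constructed scenario: four bulk transfers plus one light interactive user.
STATIONS = {
    "bulk1": ("staff", 4_000_000), "bulk2": ("staff", 4_000_000),
    "bulk3": ("guest", 4_000_000), "bulk4": ("guest", 4_000_000),
    "light": ("staff", 300_000),
}

if __name__ == "__main__":
    for mode in (False, True):
        result = simulate(STATIONS, limited=mode)
        print("limited  " if mode else "unlimited",
              {n: round(v / 1e6, 2) for n, v in result.items()})
```

With the limits in place, the policed load totals 3.3 Mbps, so the access point never saturates and the light user receives its full offered rate.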

Rate limiting is often integrated with VPN technologies such as PPTP so that users connecting to the EWG through a VPN tunnel can be rate limited. In some cases, proprietary solutions such as distributed VPN edge devices with a centralized VPN controller and concentrator are also implemented by the vendor. Peer-to-peer wireless attacks and unauthorized eavesdropping are eliminated through the use of VPN edge devices sitting directly behind access points pushing the VPN all the way down to the WLAN edge. Another advantage of this feature is its support for additional VPN tunnels by off-loading encryption processing from the central VPN server.

10.5.2 Subnet Roaming

Unfortunately, mobile users often experience broken network sessions as they roam across subnet boundaries. One way to solve this problem is with the use of a vendor subnet-roaming solution that provides session and network layer address persistence. Most EWG manufacturers provide subnet-roaming solutions. These types of EWG solutions are often client/server or master/slave in nature, with one unit as the controller (master) and the other(s) being controlled (slaves), while other solutions are stand-alone and self-sufficient. IETF RFC 2002 addresses the Mobile IP protocol, and the forthcoming IEEE 802.11f standard will address seamless mobility through the Inter Access Point Protocol (IAPP) [27].




Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153
