To thwart viruses and worms, security controls need to be instituted at the wireless edge, so malicious TCP/IP traffic can be stopped before it spreads to other devices. Complementing the external security perimeter that protects wired networks, enterprises need to create an internal security perimeter to secure their WLANs.
One solution is to deploy WLAN security gateways, which are network appliances designed to secure, manage and power WLANs. Operating at the wireless edge, between access points and other devices upstream, WLAN security gateways protect networks from security attacks launched from wireless devices.
These gateways should meet three key requirements:
1. Precise packet-filtering controls for blocking or redirecting traffic. The gateway should include precise packet-filtering controls that can distinguish malicious traffic from legitimate traffic, and take action to block or redirect malicious traffic. A network administrator should be able to read a security bulletin describing the characteristics of a virus or worm and then precisely define a filter that targets the traffic of that virus or worm. The filter should block malicious traffic without interfering with legitimate traffic. By detecting and blocking the traffic that viruses and worms depend on, the filtering capabilities of a WLAN security gateway contain airborne attacks.
2. Filtering at the wireless edge to manage traffic among devices. To contain an attack, packet filtering must occur at the wireless edge, as close as possible to the access point. For optimal protection of the network, WLAN security gateways should be installed between the access point and the next upstream network device.
3. Session logging and audit tools for identifying infected computers and accelerating repairs. WLAN security gateways should provide logging and audit tools to help administrators remediate an attack, once it is contained. By maintaining full session logs of network traffic and tracking Layer 3 traffic data, WLAN security gateways facilitate the identification of users with infected computers and the MAC addresses of the computers themselves. Using this information, administrators can contact users directly and begin cleaning up any infected computers.
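The sketch below is an added example, not code from the article or from any gateway product. It shows how requirements 1 and 3 fit together: a filter written from a bulletin's traffic description is run over a session log to list the users and MAC addresses behind the matching traffic. The log layout, the filter values, the user names and the three-host threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed session-log export. The column layout is an assumption,
# not the format of any real gateway.
SAMPLE_LOG = """\
timestamp,user,src_mac,src_ip,dst_ip,proto,dst_port,action
09:00:01,alice,00:11:22:33:44:01,10.1.0.21,10.1.0.50,tcp,80,allow
09:00:07,alice,00:11:22:33:44:01,10.1.0.21,10.1.0.5,tcp,445,deny
09:00:09,bob,00:11:22:33:44:02,10.1.0.22,10.1.0.31,tcp,445,deny
09:00:09,bob,00:11:22:33:44:02,10.1.0.22,10.1.0.32,tcp,445,deny
09:00:10,bob,00:11:22:33:44:02,10.1.0.22,10.1.0.33,tcp,445,deny
09:00:12,carol,00:11:22:33:44:03,10.1.0.23,10.1.0.1,udp,53,allow
"""

# Filter as an administrator might write it from a bulletin that describes
# the worm's traffic (hypothetical values): TCP to destination port 445.
FILTER = {"proto": "tcp", "dst_port": 445}

# Assumption: one hit can be a stray connection; a sweep across several
# hosts is what marks a machine for cleanup.
MIN_DISTINCT_TARGETS = 3


def matches(row, flt):
    """True when a log row has the protocol and port the filter targets."""
    return row["proto"] == flt["proto"] and int(row["dst_port"]) == flt["dst_port"]


def find_infected(log_text, flt, min_targets=MIN_DISTINCT_TARGETS):
    """Map (user, MAC) to the sorted distinct destinations that matched the
    filter, keeping only sources that reached at least min_targets hosts."""
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if matches(row, flt):
            targets[(row["user"], row["src_mac"])].add(row["dst_ip"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for (user, mac), dsts in find_infected(SAMPLE_LOG, FILTER).items():
        print(f"contact {user} ({mac}): matched filter against {len(dsts)} hosts")
```

Lowering `min_targets` to 1 lists every source that matched the filter at all, which suits a filter precise enough that any hit means infection.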
CENTRALIZED POLICY MANAGEMENT
A tiered solution that combines WLAN security gateways at the wireless edge with a centrally located policy server provides additional advantages for network administrators combating viruses and worms. By providing centralized control over filters, the central policy server allows administrators to define a policy that immediately takes effect across the network. The policy server automatically distributes filters to all the WLAN security gateways, providing immediate protection at every access point on the network. This centralization also reduces manual labor and the risk of error.
The central policy server can manage user accounts and user groups for wireless users. Administrators can use the server's group-management features to define a special user group for users with infected computers. The group characteristics would include redirecting users to a Web page with information about how to install security patches and clean up infections.
By temporarily assigning users with infected computers to this group, administrators can ensure that users with infected computers receive the information they need the next time they log in. Once administrators have verified that the infected computers have been cleaned, they can remove users from this group and restore their normal access rights.