To thwart viruses and worms, security controls need to be instituted at the wireless edge, so malicious TCP/IP traffic can be stopped before it spreads to other devices. Complementing the external security perimeter that protects wired networks, enterprises need to create an internal security perimeter to secure their WLANs.
One solution is to deploy WLAN security gateways, which are network appliances designed to secure, manage and power WLANs. Operating at the wireless edge, between access points and other devices upstream, WI,AN security gateways protect networks from security attacks launched from wireless devices.
These gateways should meet three key requirements:
1. Precise packet-filtering controls for blocking or redirecting traffic. The gateway should include precise packet-filtering controls that can distinguish malicious traffic from legitimate traffic, and take action to block or redirect malicious traffic. A network administrator should be able to read a security bulletin describing the characteristics of a virus or worm and then precisely define a filter that targets the traffic of that virus or worm. The filter should block malicious traffic without interfering with legitimate traffic. By detecting and blocking the traffic that viruses and worms depend on, the filtering capabilities of a WLAN security gateway contain airborne attacks.
2. Filtering at the wireless edge to manage traffic among devices. To contain an attack, packet filtering must occur at the wireless edge, as close as possible to the access point. For optimal protection of the network, WLAN security gateways should be installed between the access point and the next upstream network device.
3. Session logging and audit tools for identifying infected computers and accelerating repairs. WLAN security gateways should provide logging and audit tools to help administrators remediate an attack, once it is contained. By maintaining full session logs of network traffic and tracking Layer 3 traffic data, WEAN security" gateways facilitate the identification of users with infected computers and the MAC addresses of the computers themselves. Using this information, administrators can contact users directly and begin cleaning up any infected computers.
CENTRALIZED POLICY MANAGEMENT
A tiered solution that combines WLAN security gateways at the wireless edge with a centrally located policy server provides additional advantages for network administrators combating viruses and worms. By providing centralized control over filters, the central policy server allows administrators to define a policy that immediately takes effect across the network. The policy server automatically distributes filters to all the WLAN security gateways, providing immediate protection at every access point on the network. This centralization also reduces manual labor and the risk of error.
The central policy server can manage user accounts and user groups for wireless users. Administrators can use the server's group-management features to define a special user group for users with infected computers. The group characteristics would include redirecting users to a Web page with information about how to install security patches and clean up infections.
By temporarily assigning users with infected computers to this group, administrators can ensure that users with infected computers receive the information they need the next time they log in. Once administrators have verified that the infected computers have been cleaned, they can remove users from this group and restore their normal access rights.
skip to main |
skip to sidebar
Welcome to the Network Security Library.Review of the top 100 network security tools and Discuss your security issues with thousands of other network security experts.
Categories
- 4 Easy Ways to Build an Effective Network (1)
- A Review of the Share the Wealth Income Opportunity (1)
- Anonymous Proxy Lists - A Warning (1)
- Attention Network Marketers (1)
- Basic Wireless Network in Your Home (1)
- Business Networking Attitude (1)
- Business Opportunity Leads - Let Them Feel You Are Offering Them a Legitimate Opportunity (1)
- Computer Discount Sales (1)
- Current Internet Network Security (1)
- Cyber Crimes - The Call For Fast Lucre (1)
- Cyber War and SEO Defense (1)
- Developing Self-Direction (1)
- effective network (1)
- Elements of Some 419 Scams (1)
- Email Spam Scams and Variations of 419 Scams (1)
- George W.Bush (1)
- Get the Right Business Networking Attitude (1)
- goals of the networker (1)
- Here's How to Explode Your Network Marketing Income (1)
- Homeland Security (1)
- How to Erase Your Search History Completely (1)
- How to Succeed in Network Marketing With the Internet (1)
- How to Use the Power of 5 in Network Marketing (1)
- Hu Jintao (1)
- Internet Marketing Vs Yellow Pages (1)
- internet security (1)
- Learn How to Sell Network Marketing Without Fear Now (1)
- levels of networking (1)
- Major League Networking (1)
- Making Money With an Opt-In Box (1)
- network . (1)
- Network Marketing Phone Sponsoring Secrets For Ultimate Success (1)
- Network Security Policies (1)
- Networking Tips (1)
- Phishermen Use IRS As Bait to Catch Victims (1)
- Platform Will Reflect Shifts (1)
- Protect Your Identity (1)
- Scientists want top security for GM crop tests (1)
- SMBs in India to Spend US$289M on Data Security This Year (1)
- Social Security (1)
- Syncing Military Network Ops (1)
- What to Do About Harassing Emails (1)
- Winning Tactics For Home Based Network Marketing Business (1)
- wireless network (1)
- Word of Mouth Advertising (1)
- Working Proxies and Why Free Proxies Break (1)
- Your Only Way to Achieving Outrageous Network Marketing Money and Freedom (1)
Posts
