| |
Privacy & Data Security
764 hits
Oct 08, 2002 6:40 pm |
|
re: re: wireless data security |
Ken Seefried
| |
> Kapil Raina wrote: > >In general, if the WLAN is setup with the proper supporting architecture (like firewalls), you can have a secure setup. If you are looking for a plug and play secure WLAN, you may have to wait a little longer. >
Firewalls are largely irrelevant to WLAN security as the vulnerabilities fall into 2 general categories:
1) Evesdropping on sensitive information, esp possible since the current WEP privacy technology is woefully inadequate. 2) Impersonation of a legitamate user or network element (e.g. AP), as there is no mutual authentication of the actors in a wireless network.
Firewalls don't help either one. Maximal WLAN security best practices dictate the use of a VPN technology over the wireless transport coupled with strong authentication. There are also next generation WLAN security technologies such as PEAP and EAP-TLS that provide substantially improved built in security, but are fairly new and haven't been fully vetted.
Ken Seefried, CISSP
Private Reply to Ken Seefried (new win) |
|