Wireless Security
Most security concerns stem from the open nature
of the wireless media.
To connect to a wired LAN you need physical
access: you have to connect a PC to a live network port. With wireless
you only need to be in the coverage area of an aerial (i.e. within
range of an Access Point). Control for wired networks is simpler: traditional
physical access control into buildings can be used and unused network
ports can be disabled by a management application. Wireless LANs use
radio waves which pass through many modern building materials and thus
coverage is not limited to the inside of a building. The radio waves
appear in the street where transmissions from Wireless LANs can be
monitored by an eavesdropper with suitable equipment. Access to a corporate
network can be achieved from outside a building using readily available
technology.
The solution is to implement a robust security network. Madge WLAN
solutions implement a five element security model.
For an in-depth look at wireless security, please
download our Wireless Security White Paper.
Authentication
The Madge Smart Wireless family supports mutual
authentication (using 802.1x EAP-TLS) to ensure only authorised wireless
clients are permitted to access the wireless network. The Access Server
uses an internal RADIUS server for authentication using digital certificates.
Digital certificates can be obtained from the internal Certificate
Authority (CA) or imported from an external CA. This maximises security
and minimises administrative overhead.
Encryption
The Madge Smart Wireless family supports the WEP, 3DES and
TLS standards which use encryption to prevent eavesdropping. WEP keys can be
generated on a per-user, per-session basis.
Device Authorization
The Madge Smart Wireless model offers the ability
to exclude devices by MAC address. This is a simple way of blocking
'casual intrusion'.
Firewall
The Madge Smart Wireless solution provides a comprehensive packet filter and
IP port control firewall. This allows the administrator to precisely determine
access and the nature of the traffic passed through the Madge Smart Wireless
network. The purpose of the Madge firewall is to further protect the wired
infrastructure from wireless and Internet intrusion.
VPN
There are two distinct VPN facilities available with
the Madge Smart Wireless solution:
- Wireless VPN using industry-standard IPsec encryption between the
adapter and the Smart Wireless Access Server.
- PPTP Internet encryption, which allows a network administrator
to establish a secure link to the Smart Wireless Access Server for
remote, secure device management and re-configuration.