Wireless security - are authentication and authorization sufficient?
Perhaps I'm missing something subtle, but it seems that if my plant wireless network access points can a) verify that a node is authorized to join the network, and b) the proper password is provided, then the network should be secure. Am I missing something here?
- Login or register to post comments
- 2589 reads
- Permalink
- 2 comments
Authentication
Is a query/response authentication required or is there a way to identify a device and allow that ID to be checked against an 'authorized' list?
Patrick Coyle
Chemical Facility Security News
Wireless security
Authentication and authorization to legitimately participate in a wireless network, along with encryption to prevent eavesdropping or data manipulation of communications are required for _basic_ wireless security.
Wireless attackers have gone beyond just trying to listen in on communications or guess passwords. As one example, a sophisticated attacker will try to emulate a plant’s wireless infrastructure itself and trick an authorized person into giving the attacker his user credentials - and access to the network.
To adequately protect against this type of attack, a plant’s wireless infrastructure must have wireless “Defense in Depth” that includes the capability to seek out rogue (or honeypot) access points, effectively shut them down to prevent users from accidentally connecting to them, and finally alert the network administrators of the offending access point's presence.
Wireless “Defense in Depth” protects against this and other known wireless attacks. Security needs to be like an onion – many layers must exist to properly protect the users, the wireless network infrastructure, and the servers and applications on the wired network.