Compaq Evo n400c Wireless Security - Page 27
Wireless Security White Paper 27

This does not mean that there is no longer a need for WEP in an 802.11b LAN. As mentioned above, 802.1x only provides authentication. It does not encrypt the over-the-air transmission. It is therefore still possible for hackers to eavesdrop on conversations and intercept sensitive information. The ideal combination is to use 802.1x for authentication to the network, and WEP to ensure privacy of the transmission. This does not address the cryptological weaknesses of WEP; however, it does open the door for future versions of WEP to focus on privacy rather than authentication.

WWAN Access Points

Telecommunications companies are responsible for the security of the data while the data passes through their routers. That data is as secure as the trust management of privileges of the employees working for the carrier itself. This level of security cannot be improved upon by the corporation or by the access device user. Specific security provided for WWAN technologies is described above under the section titled "Security Specific to WWAN Carrier Technologies."

Generally speaking, when data travels along the phone lines to the corporate firewall, the data is secure barring phone line tapping. This is not a unique security problem and will not be discussed in this paper, which is focused on wireless security.

Corporate Firewalls

The fourth key juncture in the pipe, after mobile access devices, wireless connectivity technologies, and access points, centers on corporate firewalls. A firewall is a set of related programs located at a network gateway server, which protects the resources of a private network from users from other networks. (The term also implies that a security policy is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users can access.
A firewall, working closely with a router program, examines each network packet to determine whether to forward it to its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

There are several firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain name and Internet Protocol (IP) addresses. For mobile users, firewalls allow remote access to the private network through secure log-on procedures and authentication certificates.

A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface (GUI) for controlling the firewall.
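
The simple screening method and the logging and threshold-alarm features described above can be sketched as follows. This is an added example, not code from the white paper or from any firewall product; the allowed networks, the alarm threshold and the names `SourceScreen` and `run_sample` are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample policy: documentation-range networks, not from the white paper.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.16/28")]
ALARM_THRESHOLD = 3  # hypothetical: denied requests per source before an alarm is raised


class SourceScreen:
    """Forward requests only from previously identified source networks."""

    def __init__(self, allowed=ALLOWED_NETWORKS, threshold=ALARM_THRESHOLD):
        self.allowed = list(allowed)
        self.threshold = threshold
        self.denied = Counter()   # per-source count of rejected requests
        self.log = []             # (source, decision) records for reporting
        self.alarms = []          # sources that reached the threshold

    def screen(self, source):
        """Return True to forward the request, False to drop it."""
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            addr = None  # a malformed source is treated as not allowed
        ok = addr is not None and any(addr in net for net in self.allowed)
        self.log.append((source, "forward" if ok else "drop"))
        if not ok:
            self.denied[source] += 1
            if self.denied[source] == self.threshold:
                self.alarms.append(source)  # alarm fires once per source
        return ok


def run_sample():
    fw = SourceScreen()
    # Constructed request sources for illustration.
    sources = ["192.0.2.10", "203.0.113.5", "203.0.113.5", "198.51.100.20",
               "203.0.113.5", "not-an-ip", "198.51.100.40"]
    decisions = [fw.screen(s) for s in sources]
    return decisions, fw.alarms, len(fw.log)


if __name__ == "__main__":
    print(run_sample())
```

A source address can be forged, so this check only narrows who may send requests; the log-on procedures and authentication certificates mentioned above for mobile users are what establish identity.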