SonicWALL Wireless Security in Scotland (WLANs)
WLANs offer many benefits, but are Wireless LANs Safe?
Wireless Local Area Networks (WLANs) offer the flexibility to work from more locations, boosting productivity for employees, on-site partners, contractors, clients and guests.
In retail and professional settings such as cafés, hotels, waiting rooms and conferences, WLANs can enhance the visitor experience, increasing sales and loyalty. WLANs can also reduce the costs of extending your wired infrastructure.
What are the issues of concern about WLANs?
- Wireless Security
- Wireless Performance
- Wireless Manageability
- Wireless Value
To be as secure as wired networks, WLANs also need other security features:
- Unified Threat Management (UTM) to CLEAN UP traffic using an array of intrusion prevention, anti-virus and anti-spyware technology.
- Wireless intrusion detection and prevention (WIDS/WIPS) to block rogue access and denial-of-service (DoS) attacks.
- Application-level security to control unauthorized application usage and prevent leaks of confidential information.
- Access control features to condition access based upon presence and status of endpoint security software and settings.
- Wireless Guest Services to isolate traffic from your Trusted Network.
Security for wireless networks has to be AT LEAST AS GOOD as wired networks running deep packet inspection.
Happily, the new range of SonicWALL wireless enabled appliances and SonicPoints can address these areas. SonicWALL Clean Wireless unites high-speed secure wireless and high performance Unified Threat Management through the deployment of SonicWALL TZ Series, Network Security Appliance (NSA) with SonicPoint-N™ Dual-Band or SonicPoint™ access points.
SonicWALL Wireless security
SonicWALL Wireless-enabled UTM appliances and SonicPoint used with NSA appliances are purpose-designed to give BOTH security AND ease of use and ongoing management.
Benefits of SonicWALL Clean Wireless:
- Enforce security between nodes on the wireless network
- Extend your wired network to include 802.11n wireless technology
- Improve wireless network performance
- Centrally manage all access points
- Deep Packet Inspection scanning all WLAN traffic
- Allow guest users to access your wireless network, without compromising your own network security!
TZ-200 Wireless enabled UTM appliance.
SonicWALL WLAN Security Check-List
1. Install a SonicWALL security appliance at your network gateway, and secure your network with Wireless IPSec (WiFiSec). Enabling WiFiSec causes the SonicWALL security appliance to pass only IPSec packets to and from its wireless interface. Enforcing WiFiSec ensures that wireless users are authenticated and that their wireless traffic is fully encrypted. WiFiSec is enabled by default to provide your network with end-to-end wireless traffic encryption using standard IPSec security mechanisms. This method of deployment ensures that only authorized users are connecting to the SonicWALL security appliance, and that the wireless traffic of authorized users is truly secure against interception and decoding from undesired third parties.
2. Install the SonicWALL Global VPN Client on your wireless clients.
Note: This will require your wireless clients to connect to the SonicWALL security appliance using the SonicWALL Global VPN Client for remote access to policy-allowed LAN resources, policy-allowed WAN access, and to other wireless clients. Enable Gateway Anti-Virus (GAV), Intrusion Prevention Service (IPS) and Content Filtering Service (CFS) security services on your WLAN zones.
3. Use WPA (WiFi Protected Access) in either the WPA-PSK or the WPA-EAP variety, as an alternative to (or even in conjunction with) the use of the SonicWALL Global VPN Client. Both varieties are supported by SonicWALL wireless products. WPA-PSK allows for the use of a pre-shared key or password for associating and authenticating with the wireless network, while WPA-EAP uses an extensible authentication protocol scheme, typically with a back-end user database such as RADIUS. Since WPA-EAP requires an external authentication server, it can be fairly complicated to configure, and is generally used infrequently by smaller networks. Also, using WPA requires that your wireless clients are WPA capable – this requires WPA compatible client cards (such as the SonicWALL Long-Range/Dual-Band wireless card) with current drivers, and a WPA supplicant or natively WPA-capable operating system.
4. Use the radio scheduling feature on your SonicWALL wireless equipment to disable the wireless radios when they are not in use. If your wireless network is only in use from 7am to 10pm, you can schedule the radio to disable itself entirely during off-hours, completely eliminating the possibility of unwanted or unauthorized detection or access without impeding regular use.
5. Enforce the use of Wireless Guest Services (WGS). By enabling this feature, all wireless clients must authenticate themselves to the SonicWALL security appliance using HTTP or HTTPS before they are allowed access to resources on the WAN. The user and password database can either be stored onboard the SonicWALL security appliance, or the SonicWALL security appliance can authenticate users from external RADIUS servers. A recent online review of WGS said “Instead of having visitors and conference room attendees locked out of WiFi goodness, [WGS] shunts them to a different place, the Internet.” Using WGS, network administrators can configure their SonicWALL security appliances to allow wireless guests access to the Internet, but with blocked access to your corporate network.
6. Activate the SonicWALL security appliance’s Wireless Intrusion Detection Services (IDS) features. This will allow your SonicWALL security appliance to perform active and passive scans of the 802.11b wireless channels to detect rogue access points, that is, wireless access points that were installed on your internal network without your corporate IT network administrator’s approval. It also allows the SonicWALL security appliance to protect itself against association flood attacks and to detect possible disassociation attacks launched against your wireless clients using sequence number analysis.
7. If you are not using WiFiSec, WEP, or WPA, use applications that can be directly secured, such as HTTPS Web browser sessions, SSH, or SSL-enabled applications like SFTP. Make sure these applications are password-secured, use strong passwords, and have their passwords changed often.
8. Select an SSID that is recognizable by your authorized users, but which does not disclose any sensitive information.
9. Adjust the SonicWALL security appliance’s wireless radio power settings and management frame settings. Tuning these settings properly can prevent your wireless signal from bleeding into unwanted areas (such as public areas with adjacent buildings occupied by other wireless users).
War drivers often look for public spots into which a usable signal has leaked, so take this into account when adjusting your SonicWALL security appliance.
10. Do not advertise your wireless network unnecessarily. When possible, place your wireless radios away from the perimeters of your premises to avoid the radio signal bleeding beyond required boundaries.
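The sequence number analysis mentioned in item 6 can be illustrated as follows. This is an added example, not SonicWALL's implementation: the Frame record, the MAX_GAP tolerance and the sample frames are assumptions constructed for illustration. Each 802.11 transmitter increments a 12-bit sequence counter, so a disassociation frame forged in another station's name usually carries a number that does not follow that station's own counter.

```python
from dataclasses import dataclass

SEQ_MOD = 4096   # 802.11 sequence numbers are 12 bits wide and wrap at 4096
MAX_GAP = 32     # assumed tolerance for frames the sensor failed to capture

@dataclass(frozen=True)
class Frame:
    ts: float      # capture time in seconds
    src: str       # transmitter MAC address
    subtype: str   # "beacon", "data", "disassoc", ...
    seq: int       # sequence number from the Sequence Control field

def seq_gap(prev: int, cur: int) -> int:
    """Forward distance from prev to cur, allowing for 12-bit wrap-around."""
    return (cur - prev) % SEQ_MOD

def find_suspect_disassoc(frames, max_gap=MAX_GAP):
    """Return (frame, gap) for disassociation frames whose sequence number
    does not continue the claimed transmitter's own counter."""
    last_seq = {}   # per-transmitter baseline
    suspects = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        prev = last_seq.get(f.src)
        if prev is not None and f.subtype == "disassoc":
            gap = seq_gap(prev, f.seq)
            # A backward jump shows up as a gap close to 4096, so one
            # comparison covers both "too far ahead" and "behind".
            if gap > max_gap:
                suspects.append((f, gap))
                continue   # a suspect frame must not move the baseline
        last_seq[f.src] = f.seq
    return suspects

# Constructed sample capture: one access point (made-up MAC address) whose
# counter wraps from 4095 to 1, with one out-of-sequence disassociation.
AP = "02:00:00:00:00:01"
SAMPLE = [
    Frame(0.00, AP, "beacon", 4090),
    Frame(0.01, AP, "data", 4092),
    Frame(0.02, AP, "data", 4095),
    Frame(0.03, AP, "data", 1),          # legitimate wrap-around
    Frame(0.04, AP, "disassoc", 2100),   # does not follow the counter
    Frame(0.05, AP, "data", 3),
    Frame(0.06, AP, "disassoc", 5),      # in sequence, not flagged
]

if __name__ == "__main__":
    for frame, gap in find_suspect_disassoc(SAMPLE):
        print(f"suspect disassociation from {frame.src}: seq={frame.seq} gap={gap}")
```

A production sensor would also need to allow for separate per-traffic-class counters on QoS data frames and for counter resets when a device restarts.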