Page 800 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 800
8. Treat wireless as external access, and separate the WAP from the
wired network using a firewall.
9. Treat wireless as an entry point for attackers, and monitor all
WAP-to-wired-network communications with an intrusion
detection system (IDS).
10. Require all transmissions between wireless clients and WAPs to be
encrypted; in other words, require a VPN link.
Often, adding layers of data encryption (WPA2 and IPSec
VPN) and other forms of filtering to a wireless link can reduce the
effective throughput by as much as 80 percent. In addition, greater
distances from the base station and the presence of interference
will reduce the effective throughput even further.
Wireless Attacks
Wireless communication is a quickly expanding field of technologies
for networking, connectivity, communication, and data exchange.
Literally thousands of protocols, standards, and techniques can be
labeled as wireless. These include cell phones, Bluetooth, cordless
phones, and wireless networking. As wireless technologies continue to
proliferate, your organization’s security must go beyond locking down
its local network. Security should be an end-to-end solution that
addresses all forms, methods, and techniques of communication.
Wireless networking has become common on both corporate and
home networks. Properly managing wireless networking for reliable
access as well as security isn’t always a straightforward proposition.
Even with wireless security present, wireless attacks can still occur.
There is an ever-increasing variety of attacks against networks, and
many of these work against both wired and wireless environments. A
few focus on wireless networks alone. This section examines various
wireless security issues.
War Driving
