Myth # 8 : Wireless IDS is needed to prevent rogue access points.It is true that IDS (Intrusion Detection Systems) can identify 802.11a/b/g rogue APs. But it is not smart when detecting non 802.11a/b/g rogue APs which uses 900MHz and/or FHSS. Apart from those legacy technologies, latest Bluetooth and MIMO (802.11n draft) also can be taken. Although some wireless IDS vendors produce products which can detect such non standard APs, it is hard to identify them comprehensively. IDS blocks rogue APs in DoS method (Denial of Service) too by de-authenticating/disassociation of RAPs and their associated stations. This method is not successful because Wi-Fi adapters can have its drivers configured to ignore disassociation requests.
Some other vendors shut down the wired switch port that the RAP is connected to. This is unsuccessful too as if RAP is configured with encryption and authentication (even WEP) will not allow wireless IDS to send message to wired portion of network.
Figure 2
As a perfect solution, wired 802.11x authentication (EAPOL – EAP over LAN) which blocks access on every port can be taken. When 802.11x is configured, network access is denied until a device authenticates as a supplicant with an authenticator (mostly RADIUS). If a company has the above mentioned structure already, wireless devices can be integrated into it easily. And also 802.1x authentication negotiates an encrypted key which prevents intruders spoofing MAC addresses as they don’t have the secure key. So answer for this myth is clearly “No it is not.”Read more about 802.11x here.
Myth # 9 : A wireless IDS is not necessary if other rogue AP prevention measures are in place.
Even though this myth was busted in previous point, still there are some needs to use IDS. Most administrators do not go for IDS as it is very expensive and only few people know what all the things an IDS can do. Actually IDS can provide troubleshooting and optimization features such as location tracking, remote packet captures and RF interference levels analysis. Those ways can be beneficial for an administrator to handle this Rogue Access Points pain centrally without going here and there gathering information. So in this way it is clear that IDS can do a better service in performance optimization and troubleshooting more than security.
References
Miller, B & Hill, G 2006, ‘Eleven Myths about 802.11 Wi-Fi Networks’, Expert Reference Series of White Papers , 18 August, pp. 7-8, Global Knowledge Training LLC., viewed 05 September 2010
‘Figure 1’ [image] in 2009, ‘The second day of the School on Low Cost Wireless’, school2009, viewed 05 September 2010, http://wireless.ictp.it/groups/school2009/wiki/8d8fe/Group_Two's_-_Day_Two.html
‘Figure 2’ [image], KBR Wireless, viewed 05 September 2010, http://kbrwireless.com/hardware/80211x.htm
The previous episode of this series has been posted on 24th Aug 2010 which can be found easily in here. If you enjoyed this article, please leave a comment as described in previous week.
I am glad that in your article, found a rebuttal common myths. It is very cool that you love to confess the truth.
ReplyDeleteSuch systems are able to identify the unauthorized access point. This is great news for every user who needs a secure key.
ReplyDeleteI would like to read more carefully about the systems that you tell here. I want tp develop it.
ReplyDeleteSuggestion ways can be helpful and informative for many people and not just for administrators.
ReplyDelete/Your post give me lots of advise it is very useful for me. I want to introduce for you about the game. in this game, you can create character and operate as same as in the real world. Click link to participate games. sims 4 cheats
ReplyDeletefree coins and gems for golf clash Using the factors, I will explain a complete guide for Golf Clash players.
ReplyDelete