# brconfig bridge0 rulefile testbridge

9.5 Taking It to the Gateway

There is no guaranteed way to secure communications on an access point, but there are many techniques you can employ to make your access point a difficult target. Firmware-based APs are easy to set up but offer limited usability and security options. The flexibility gained by deploying a Linux, FreeBSD, or OpenBSD access point is somewhat offset by the more technical configuration and security requirements of a general-purpose OS. Whichever option you choose, raising the bar as high as possible is what matters. Now that you understand how to configure an access point for secure use, it is time to move farther out into the network and examine the security of the gateway.

Part IV: Gateway Security

Properly configured access points and clients are useless without a secure connection to other networks. Whether your gateway connects you to your intranet or provides transit to the greater Internet, it is the keystone of your security architecture. It is the central point that traffic passes through on its way to other networks, and therefore an excellent place to enforce a single security policy. Unfortunately, many networks do not make proper use of this keystone. Through misconfiguration, or a complete lack of firewalling capability, networks around the world are wide open to attack. When the gateway is connected to a wireless network, the risk increases: attackers are now on the doorstep of your valuable resources, and the role of the gateway becomes more important still. The next four chapters show you how to architect and configure a gateway that protects your wired and wireless resources.

Chapter 10. Gateway Security

Until very recently, a firewall has been the frontline security device in most networks, because attacks have historically been launched at layer 3 or above.
Firewalls have advanced over the years, evolving from glorified IP access lists into stateful, application-aware security devices. With the wide-scale deployment of wireless networks, layer 1 and layer 2 security has suddenly become a hot topic. A wireless access point and a wireless client must be able to defend themselves and their resources in order to preserve the integrity of the network. This does not mean that firewalls have become less important within a wireless network. Quite the contrary: a firewall serving as the layer 3 gateway is a critical piece of a wireless network. Not only must it defend against conventional attacks from the Internet, it must also protect itself and the networks it controls from unauthorized access originating on a hostile wireless network. On the wireless side, the gateway is the first line of defense against an attacker who already has complete physical (layer 1) and logical (layer 2) access to the segment.

10.1 Gateway Architecture

The first thing to consider when deploying a gateway that faces a wireless network is how it fits into your overall network architecture. It is tempting to simply plug an access point into an existing wired network and rely on your existing firewall to secure it. This is a recipe for trouble. By placing your access point in the same broadcast domain as your other critical services, you give an attacker a direct layer 2 connection to every machine on the wired network. Figure 10-1 shows an insecure placement of a bridging access point: the attacker is behind your firewall. Unless the access point itself acts as a transparent firewall between the wired and wireless segments, enforcing access control becomes a difficult proposition.

Figure 10-1. Insecure placement of access point

Even with host-based access control on every host on the wired network, an attacker can still launch an ARP spoofing attack against the segment, because ARP is not authenticated and the access point bridges the attacker's frames straight onto the wired LAN. For a complete discussion of ARP spoofing, see ARP Poisoning.
In an ARP spoofing attack, the attacker serves as a man in the middle between two wired hosts: by poisoning their ARP caches he can pull packets off the wired network and force them to cross the wireless network, where he can read or modify them. To provide access control and minimize the risk of layer 2 attacks, the access point should be connected to its own interface on the gateway, so that the wireless segment is a separate broadcast domain and every packet between it and the wired network must be routed, and therefore filtered, by the gateway. Figure 10-2 shows the preferred architecture for attaching a wireless network to a gateway. The figure also shows the corresponding IP addresses used in the examples in the chapters that follow.

Figure 10-2. Proper architecture for single AP networks

Some networks require multiple access points to cover the desired area. Ideally, all of the access points will be in the same service set and on the same subnet so that users can roam transparently. To keep a single point of security policy enforcement yet still allow roaming, your gateway should act as a transparent bridging firewall between the interfaces that service the access points. Figure 10-3 shows an example of a bridging firewall connected to multiple access points in the same service set. In general, there is no reason for hosts associated to different access points to talk to each other: the workstations on the wireless network offer no services, so traffic between workstations is more likely to be an attack than legitimate use. A bridging firewall gives you the capability to limit inter-station traffic. (Traffic between two stations associated to the same access point is relayed by that access point and never reaches the gateway, so that case has to be handled on the access point itself.)

Figure 10-3. Architecture with multiple APs

10.2 Secure Installation

Regardless of the operating system you choose for your gateway, be sure it is installed in a secure manner. Completely disconnect the host from the network and use installation media that you trust. Vendors have different ways to verify their installation media. If you have downloaded an ISO CD image from an FTP server, there should be a checksum file alongside the ISO image that allows you to verify the integrity of the data. Bear in mind that a checksum fetched from the same server as the image only proves the download was not corrupted in transit; an attacker who can replace the image on the mirror can replace the checksum too. Where the vendor publishes a cryptographic signature over the checksum file, verify that signature with a key you obtained through a separate channel.
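The check described above, as an added example that is not from the book: a small Python script that reads a vendor checksum file in either the BSD layout (`SHA256 (install.iso) = <hex>`) or the GNU layout (`<hex>  install.iso`), hashes the downloaded image in chunks, and refuses the image if its entry is missing or the digests differ. The function names, the sample file layouts, and the choice of SHA-256 are mine; as the text says, this proves integrity of the download, not its authenticity.

```python
"""verify_image.py: check a downloaded ISO against a vendor checksum file.

Added example, not from the book. Understands the two common layouts:

    BSD style:  SHA256 (install.iso) = <64 hex chars>
    GNU style:  <64 hex chars>  install.iso

Only integrity is checked: a checksum served next to the image proves the
download was not corrupted, not that the vendor produced the image.
"""
import hashlib
import hmac
import os
import re
import sys

# One pattern per layout; both capture (filename, hexdigest).
_BSD = re.compile(r"^SHA256 \((?P<name>.+?)\) = (?P<hex>[0-9a-fA-F]{64})$")
_GNU = re.compile(r"^(?P<hex>[0-9a-fA-F]{64}) [ *](?P<name>.+)$")


def parse_checksums(text):
    """Return {filename: hexdigest} from the text of a checksum file.

    Lines matching neither layout (comments, MD5 or SHA-1 lines) are ignored,
    so a shorter digest from another algorithm is never mistaken for SHA-256.
    """
    digests = {}
    for line in text.splitlines():
        line = line.strip()
        m = _BSD.match(line) or _GNU.match(line)
        if m:
            digests[m.group("name")] = m.group("hex").lower()
    return digests


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a multi-gigabyte ISO is not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(image_path, checksum_text):
    """True only if the checksum file lists this image's basename and the
    listed SHA-256 digest equals the file's actual digest.

    A missing entry is a failure, not a pass: silently accepting an image the
    checksum file does not mention would defeat the point of checking.
    """
    expected = parse_checksums(checksum_text).get(os.path.basename(image_path))
    if expected is None:
        return False
    actual = sha256_of_file(image_path)
    # Constant-time comparison: cheap insurance if this is ever reused where
    # the comparison could be timed by an attacker.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_image.py <image> <checksum-file>")
    with open(sys.argv[2], "r", encoding="utf-8", errors="replace") as f:
        ok = verify_image(sys.argv[1], f.read())
    print("OK" if ok else "MISMATCH: do not install from this image")
    sys.exit(0 if ok else 1)
```

Run it as `python3 verify_image.py install.iso SHA256` (the checksum file name varies by vendor) and do not burn or boot the image unless it prints OK.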
Once the operating system is installed, it is imperative that you check with your vendor for security patches. No matter how bug-free an operating system was thought to be when it was released, security vulnerabilities will be found and turned into exploits over time. Before connecting your host to the network, download the security patches from your vendor on another machine, copy them onto trusted media, and install the patches from that media. This gives you a high degree of assurance in your installation before you place it into production.

10.3 Firewall Rule Creation

Creating firewall rules for a network can be a painful process. The ruleset must be restrictive enough to allow access only to required resources. Unfortunately, what you as the security administrator consider a required resource and what the users of the network consider a required resource can differ wildly. For example, many users believe instant-messenger programs
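As a starting point for the ruleset work this section begins, here is an added example (not from the book) of an OpenBSD pf configuration for the Section 10.1 layout: the access point on its own gateway interface (Figure 10-2), with the inter-station block for the bridged multi-AP case (Figure 10-3) at the end. It uses OpenBSD 4.7-or-later pf syntax, which differs from the pf of the book's era. The interface names, the address ranges, the gateway's wireless address, and the assumption that the gateway itself serves DHCP and DNS to the stations are all mine; substitute the addresses from your own Figure 10-2.

```pf
# pf.conf for the Figure 10-2 layout: the AP hangs off its own gateway
# interface, so wireless and wired are separate broadcast domains and every
# packet between them is routed, and therefore filtered, here.
# Added example, not from the book. Interface names and address ranges are
# assumed; OpenBSD 4.7+ syntax.

ext_if    = "em0"               # upstream / Internet
wired_if  = "em1"               # trusted wired LAN
wifi_if   = "em2"               # the access point plugs in here, alone
wired_net = "192.168.1.0/24"    # assumed
wifi_net  = "192.168.2.0/24"    # assumed
gw_wifi   = "192.168.2.1"       # gateway's own address on the wireless segment

set skip on lo0
set block-policy drop

# Masquerade both internal networks behind the upstream address.
match out on $ext_if inet from { $wired_net, $wifi_net } to any nat-to ($ext_if)

# Default deny, every interface, both directions.
block log all

# A packet arriving on an interface with a source address that belongs to a
# different interface's network is spoofed; drop it before anything else.
antispoof log quick for { $wired_if, $wifi_if }

# The gateway itself may talk upstream; replies come back via state.
pass out on $ext_if inet

# Wired LAN: trusted. Nothing is passed out on $wifi_if explicitly, so wired
# hosts reach wireless stations only as replies to stations' own connections.
pass in on $wired_if inet from $wired_net to any

# Wireless LAN: treated as hostile.
# 1. Stations get DHCP and DNS from the gateway (assumed to run both) and
#    nothing else from it. DHCP discovery comes from 0.0.0.0 to broadcast,
#    hence "from any to any" on the BOOTP ports.
pass in quick on $wifi_if inet proto udp from any port bootpc to any port bootps
pass in quick on $wifi_if inet proto { tcp, udp } from $wifi_net to $gw_wifi port domain
# 2. Nothing from the wireless side may reach the wired LAN or the gateway's
#    own addresses. This is the rule the Figure 10-1 placement cannot enforce.
block log quick on $wifi_if inet from any to { $wired_net, $wired_if, ($ext_if), $gw_wifi }
# 3. Whatever remains is Internet-bound traffic from a station using a
#    legitimate source address.
pass in on $wifi_if inet from $wifi_net to any

# Figure 10-3, several APs in one service set: bridge the wireless interfaces
# (see bridge(4) for your release on handing bridged packets to pf). pf still
# sees each frame on the member interface it entered, so station-to-station
# traffic that crosses the gateway can be dropped. Traffic between two
# stations on the same AP never reaches the gateway and must be isolated on
# the AP itself. Uncomment and adjust once the bridge exists:
# wifi_ifs = "{ em2, em3 }"
# block log quick on $wifi_ifs inet from $wifi_net to $wifi_net
```

Check it with `pfctl -nf /etc/pf.conf` before loading, and watch `pflog0` with tcpdump while a station associates: the only logged drops during normal use should be the inter-station and wireless-to-wired attempts that the policy is meant to refuse.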