Download - All IT eBooks

Transcript
A firewall in a wireless network can perform several functions:
It can act as a gateway router between the wireless network and a
wired LAN.
It can protect a direct connection from a single computer to the Internet.
It can block all traffic moving from the wireless side to the wired network
that doesn’t come from an authenticated user.
It passes commands, messages, and file transfers from trusted users to
the Internet.
Therefore, a legitimate user can connect to network nodes on the wired
part of a mixed LAN or on the Internet, but an intruder would be cut off at
the firewall.
Because authorized wireless users and intruders are both on the
unprotected side of the firewall, it does not isolate the wireless nodes from
one another. An intruder can still gain access to another computer on the
same wireless network and read shared files, so it’s a good idea to turn off file
sharing on any computer connected to a wireless network and to use firewall
software on individual computers.
A firewall for a wireless network should use some kind of authentication
to allow legitimate users through the gateway, but it should reject everybody
else. If access control based on MAC addresses is built into Wi-Fi networks
and the added authentication in 802.1x are not adequate, then an outboard
firewall should require all users to enter a login and password before they
can connect to the Internet.
If your wireless network includes computers running more than one
operating system, your firewall must use a login tool that works on any platform. The easiest way to accomplish this is with a web-based authentication
server, such as the one included with the Apache web server (http://httpd
.apache.org/).
The Apache web server is available as a Linux or Unix application that
can run on an old, slow computer with an early Pentium or even an antique
486 CPU, so you can often recycle an old junker and use it as a firewall.
Both the Apache application and the operating system are available as open
source software, so it ought to be possible to build an extremely low-cost
Apache firewall.
If you prefer to use Windows, or if you don’t want to assemble your
own firewall, you have several options. You can use the Windows version of
Apache, or you can use a commercial utility such as the ones listed at http://
www.thegild.com/firewall/.
Attacks on a wireless LAN don’t all come through the air. A wireless
network also requires the same kind of firewall protection against attacks
from the Internet as an entirely wired network. Many wireless access points
include configurable firewall features, but if yours does not, the network
should include a firewall program on each computer, along with a separate
router or a dedicated computer acting as a network firewall.
156
C h ap te r 1 3