Download - All IT eBooks
Transcript
A firewall in a wireless network can perform several functions: It can act as a gateway router between the wireless network and a wired LAN. It can protect a direct connection from a single computer to the Internet. It can block all traffic moving from the wireless side to the wired network that doesn’t come from an authenticated user. It passes commands, messages, and file transfers from trusted users to the Internet. Therefore, a legitimate user can connect to network nodes on the wired part of a mixed LAN or on the Internet, but an intruder would be cut off at the firewall. Because authorized wireless users and intruders are both on the unprotected side of the firewall, it does not isolate the wireless nodes from one another. An intruder can still gain access to another computer on the same wireless network and read shared files, so it’s a good idea to turn off file sharing on any computer connected to a wireless network and to use firewall software on individual computers. A firewall for a wireless network should use some kind of authentication to allow legitimate users through the gateway, but it should reject everybody else. If access control based on MAC addresses is built into Wi-Fi networks and the added authentication in 802.1x are not adequate, then an outboard firewall should require all users to enter a login and password before they can connect to the Internet. If your wireless network includes computers running more than one operating system, your firewall must use a login tool that works on any platform. The easiest way to accomplish this is with a web-based authentication server, such as the one included with the Apache web server (http://httpd .apache.org/). The Apache web server is available as a Linux or Unix application that can run on an old, slow computer with an early Pentium or even an antique 486 CPU, so you can often recycle an old junker and use it as a firewall. Both the Apache application and the operating system are available as open source software, so it ought to be possible to build an extremely low-cost Apache firewall. If you prefer to use Windows, or if you don’t want to assemble your own firewall, you have several options. You can use the Windows version of Apache, or you can use a commercial utility such as the ones listed at http:// www.thegild.com/firewall/. Attacks on a wireless LAN don’t all come through the air. A wireless network also requires the same kind of firewall protection against attacks from the Internet as an entirely wired network. Many wireless access points include configurable firewall features, but if yours does not, the network should include a firewall program on each computer, along with a separate router or a dedicated computer acting as a network firewall. 156 C h ap te r 1 3