EdenWall
Case #3: Securing access to a WIFI network

Problem: How to restrict user access rights for connections passing through a WIFI access point?

Solution: EdenWall handles access rights by requiring separate authentication for each connection and by checking the user's identity against the organisation's user directory. Should an attacker associate with the access point, EdenWall would block their connections: the attacker is not a legitimate user listed in the user directory.

Classical WIFI solutions offer insufficient protection (WEP or WPA cryptography, which pirates can easily break; and "authentication" on MAC or IP address, or 802.1X, which are easily spoofable). Well-known techniques such as IP spoofing or MAC usurpation let any attacker easily access network resources protected by the access point. Such behaviours have several direct consequences:
With EdenWall, pirates can still associate with the access point, but their network flows will in no case pass through the firewall. Network flows and sensitive data are protected by the firewall, and all illegal access attempts are logged and can be traced. This protection is complementary to the cryptographic protections (network flow encryption) classically installed on WIFI networks, as stated in case #2: EdenWall VPN - Typical use.
Conclusion: Access rights are granted dynamically, by querying the organisation's user directory. Access rights as well as authentication are granted or denied separately for each connection, so that network flows from WIFI access points can at last be really filtered. Illegal access attempts are recognized as such and blocked by EdenWall, while classical firewalls would have no way to even detect them.