2011/11/22

4ipnet Technology: Layer 2 Firewall


In today’s wireless environment, most transferred data is relatively easy to intercept, so your personal data and system information can be very vulnerable to various types of attacks.

To prevent this, the most commonly adopted mechanism in the networking industry is “Wireless Isolation”, which shields users from other users within the same Access Point or Virtual Access Point.

But does this protection extend to network resources such as the DHCP server, or to users in other Virtual Access Points?

The answer is no.

A hacker can simply target users in other Virtual Access Points and network resources, leaving them defenseless.

This is why 4ipnet has adopted the Wireless Layer 2 Firewall.

This feature filters wireless traffic on the access point’s wireless interface using customizable firewall rules: you can configure filter rules for layer 2 and layer 3 traffic, and control Virtual Access Point traffic from the wireless to the wired network.


Let’s take a look at two common types of attack to gain a better understanding of this feature:

Attack 1

DHCP Starvation

This attack can be carried out easily with freely available software tools from the internet. It works by sending large numbers of DHCP request packets with false MAC addresses to the target DHCP server, thereby depleting the server’s pool of assignable IP addresses.

The attack prevents users from obtaining a valid IP address and so denies them wireless access.

4ipnet Solution 1
To prevent this attack, 4ipnet’s Wireless Layer 2 Firewall includes a DHCP snooping feature.

The DHCP snooping feature filters illegal DHCP packets from the wireless network. This prevents the DHCP pool’s IP addresses from being assigned to non-existent hosts.
 -----------------------------------------------------------------------------

ARP Spoofing is another example of how an unprotected wireless network can become vulnerable to internal attacks.

Attack 2
ARP Spoofing

The broadcast nature of ARP (Address Resolution Protocol) allows malicious users to carry out ARP Spoofing attacks on target hosts by flooding the victim host with false ARP frames.
Allowing your ARP table to be attacked can allow the hacker to:
1. Slow or shut down your internet connection as the gateway’s bandwidth is monopolized.
2. Create a “Man-in-the-Middle” situation where important information such as passwords and credit information is leaked.
3. Redirect victims’ traffic to unwanted websites or servers.

4ipnet Solution 2
4ipnet’s Wireless Layer 2 Firewall has an ARP Inspection feature that allows the Layer 2 firewall to inspect incoming wireless traffic for corrupted ARP frames.

Frames found to be illegal are rejected immediately, leading to:

1. A reliable, consistent wireless connection.
2. No information leakage.
3. Direct access to legitimate and cleaner sites.
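
As an added illustration of the ARP Inspection idea (not 4ipnet's proprietary implementation, which this page does not describe), the Python sketch below checks raw ARP frames against an IP-to-MAC binding table of the kind a DHCP snooping feature can build. The table entries, function names and sample frames are constructed assumptions.

```python
import struct

# Constructed IP -> MAC bindings (assumption: learned from observed DHCP leases).
BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:01",   # gateway
    "192.168.1.50": "00:11:22:33:44:50",  # wireless client
}

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def inspect_arp(frame, bindings=BINDINGS):
    """Return (verdict, reason) for one raw Ethernet frame."""
    if len(frame) < 14:
        return "drop", "truncated frame"
    eth_src, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0806:
        return "pass", "not ARP"
    if len(frame) < 42:
        return "drop", "truncated ARP"
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return "drop", "malformed ARP header"
    if sha != eth_src:
        return "drop", "ARP sender MAC differs from Ethernet source"
    bound = bindings.get(fmt_ip(spa))
    if bound is None:
        return "drop", "sender IP has no binding"
    if bound != fmt_mac(sha):
        return "drop", "sender IP is bound to another MAC"
    return "pass", "matches binding"

def sample_frame(eth_src, sha, spa, tpa, op=2):
    """Build a constructed broadcast ARP frame for exercising inspect_arp."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (mac("ff:ff:ff:ff:ff:ff") + mac(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + bytes(6) + ip(tpa))

if __name__ == "__main__":
    client = "00:11:22:33:44:50"
    print(inspect_arp(sample_frame(client, client, "192.168.1.50", "192.168.1.1")))
    # Client claiming the gateway's IP: rejected by the binding check.
    print(inspect_arp(sample_frame(client, client, "192.168.1.1", "192.168.1.50")))
```

A production filter would also need to handle cases this sketch ignores, such as statically addressed hosts that never appear in a DHCP-derived table.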

4ipnet’s Wireless Layer 2 Firewall monitors for security breaches from inter-Virtual Access Point and wireless-to-wired attacks. Its advanced features are designed to make your wireless network a safer and more secure place to surf, chat and exchange data.

4ipnet’s Wireless Hotspot Gateways and Access Points include the proprietary Wireless Layer 2 Firewall to provide more secure and complete coverage for all your wireless security demands. To learn more about 4ipnet products, please visit http://www.4ipnet.com


Facebook: http://www.facebook.com/4ipnet
Twitter: http://twitter.com/4ipnet_inc
