4ipnet Technology: Layer 2 Firewall

-

In today’s wireless environment, most of the data information transferred is relatively easy to intercept, your personal data and system information can be very vulnerable to various types of attacks.

In order to prevent this from happening, the most common adopted mechanism in the networking industry is called the “Wireless Isolation”, a mechanism that can shield users from other users within the same Access Point or Virtual Access Point.

But does this include the Network’s resources such as DHCP server or users in other Virtual Access Points?

The answer is no.

A hacker can simply target users in other Virtual Access Points and Network resources, leaving it defenseless.

This is why 4ipnet has adopted the Wireless Layer 2 Firewall.

This feature is capable of filtering wireless traffics under the access point’s wireless interface and customizes its firewall rules, configure filter rules for layer 2 and layer 3 traffics, and control the Virtual Access Point traffics from wireless to wired network.


Let’s take a look at 2 types of common attacks to gain a better understanding of this feature:

Attack 1

DHCP Starvation

This attack can be carried out easily with free available software tools from the internet. This attack operates by sending large amounts of DHCP request packets with false MAC addresses to the target DHCP server, thereby depleting the DHCP server of assignable IP addresses.

The attack prohibits users from ever obtaining a valid IP and denies him or her the ability to gain wireless access.

4ipnet Solution 1
To prevent this attack from happening, 4ipnet’s Wireless Layer 2 Firewall is implemented with a DHCP snooping feature.

The DHCP snooping feature filters illegal DHCP packets from wireless network. This feature will prevent DHCP pool’s IP addresses from being assigned to non-existing hosts.
 -----------------------------------------------------------------------------

ARP Spoofing is another example of how an unprotected wireless network can become vulnerable to internal attacks.

Attack 2
ARP Spoofing

The broadcasting nature of ARP, Address Resolution Protocol allows malicious users to carry out ARP Spoofing attacks on target hosts by flooding the victim host with false ARP frame.
Allowing your ARP Table to be attacked can allow the hacker to:
1.      Slow or shut down your internet connection as the gateway’s bandwidth is monopolized.
2.      Create “Man-In-the-Middle” situation where important information such as passwords and credit information are leaked.
3.      Redirect victims’ traffic to unwanted websites or servers.

4ipnet Solution 2
4ipnet’s Wireless Layer 2 Firewall has an ARP Inspection feature that allows the Layer 2 firewall to inspect incoming wireless traffic for corrupted ARP frames.

The frames found illegal will be rejected immediately, leading to:

1.      A reliable, consistent wireless connection.
2.      No information leakage.
3.      Direct access to legit and cleaner sites.

4ipnet’s Wireless Layer 2 Firewall monitors security breach for inter Virtual Access Point and wireless to wired attacks. It’s advanced features are designed to make your wireless network a safer and securer place to surf, chat and exchange data.

4ipnet’s Wireless Hotspot Gateways and Access Points are implemented with proprietary Wireless Layer2 Firewall to provide more secure and complete coverage for all your wireless security demands. To learn more about 4ipnet products, please visit http://www.4ipnet.com


Facebook: http://www.facebook.com/4ipnet
Twitter: http://twitter.com/4ipnet_inc

留言

張貼留言

這個網誌中的熱門文章

Product Review: 4ipnet Product for Wireless Network

-
圖片
Original article:  http://www. itparadigma.ru/blog/ oborudovanie-dlya- besprovodnyh-setej-4ipnet/ 4ipnet, founded in Taiwan in 2002, is little known in Russia. The company develops its product lines for building enterprise-grade wireless networks, and Wi-Fi networks for public use. The company's portfolio includes functional controllers, a wide range of access points, wireless network gateways, POS terminals and ticket printers, as well as a line of PoE+ switches. The most outstanding advantages of 4ipnet products that worth mentioning is that all hardware functions are accessible by default, and don’t require any additional licenses. Additionally, there’s an optimal and attractive price/quality ratio. The company's solutions are successfully implemented for educational and medical institutions, corporate sectors and telecom operators. Supporting advanced technologies such as Seamless Roaming (moving within the territory without connection failure), Airtime Fair
Read More

Enjoy Shopping and Reliable Wi-Fi at Portal de la Marina

-
圖片
Portal de la Marina is a prominent shopping center in the Marina Alta region of Alicante. As a universe of fun and shopping, Portal de la Marina carries leading brands in fashion, services, home items, restaurants, as well as a giant Hypermarket. With its Mediterranean character, custom-tailored to the needs of the area, the complex has been designed to capture the magical, mysterious effect of city streets of southeastern Spain. Aiming to be the perfect leisure paradise for all customers, a reliable and secure Wi-Fi infrastructure must be in place to keep the guest experience at top-notch level. The complexity of the project lies in several aspects. First, the visual impact had to be almost nonexistent. Second, the installation and implementation had to be fast and in non-business hours. Last but not least, provide the highest ratio of coverage and bandwidth to overcome all architectural barriers. Due to the vast scale of the property (90,000 m2) and the main catchment area of c
Read More

4ipnet WISP Solution

-
圖片
In recent years, public perception of wireless Internet access continues to grow. This brings both opportunities and challenges to Wireless Internet Service Providers (WISPs). For WISPs, the demand for high-speed Internet access deals with how to find faster, easier and more cost-efficient solutions to reach the most possible customers, especially to reach high growth markets such as SMBs, SOHOs and residences.The typical solution for providing customers with high-speed Internet services is to partner with a carrier or cable operator that deploys wired broadband access technologies like xDSL or cable modems. However, the vast majority of WISPs have started to utilize wireless equipments which operate in the license-exempt spectrum, especially the 2.4 GHz and 5 GHz bands, to deliver last-mile broadband access. License-exempt means that anyone can deploy an equipment without a license, as long as the equipment conforms to FCC or CE regulations. So it is obvious why wireless Internet
Read More