2014/02/27

4ipnet Wireless Access Point Optimization Part 7

Good day! Today let us continue the wireless AP optimization series with "station isolation".

In many Wi-Fi environments, it is not uncommon to see upwards of twenty or thirty devices connected to a single access point. Allowing direct communication between these clients would be a security concern for network operators, as malicious traffic from one client could potentially affect another. The STATION (CLIENT) ISOLATION feature on 4ipnet APs allows network operators to prevent devices connected to the same AP from communicating with one another, essentially creating a virtual network per client.

Station Isolation prevents direct communication between clients on the same AP

Imagine that you have a bunch of strangers connected to the same access point in a coffee shop, all of whom are assigned IP addresses by the same DHCP server, which usually means that they are on the same network (subnet). If a user were to have file sharing turned on (e.g. on a Windows-based system), then all of the other users on the network would be able to browse the files of the exposed system. So while the user may have only wanted to get coffee and browse the Internet, he/she actually ended up sharing all of his/her personal documents with every other coffee-goer. This illustrates why Station Isolation is a crucial security feature, and why it is imperative for network administrators to enable the feature, especially when providing public Wi-Fi service.
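One way for an operator to confirm the setting took effect, as an added example (not 4ipnet code): audit the Linux `ip neigh` table of a test client after it has tried to reach a second test device on the same AP. The interface name, addresses and sample tables are constructed, and the check assumes that a same-subnet peer resolving to a MAC address means isolation is not in effect.

```python
import ipaddress

# Neighbour states in which the kernel holds a resolved MAC for the peer.
RESOLVED = {"REACHABLE", "STALE", "DELAY", "PROBE"}

def isolation_leaks(neigh_text, iface, gateway, subnet):
    """Return [(ip, mac)] for same-subnet peers, other than the gateway,
    that resolved at layer 2 on the given wireless interface."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    leaks = []
    for line in neigh_text.splitlines():
        f = line.split()
        # Expected shape: <ip> dev <iface> [lladdr <mac>] <STATE>
        if len(f) < 4 or f[1] != "dev" or f[2] != iface:
            continue
        try:
            ip = ipaddress.ip_address(f[0])
        except ValueError:
            continue
        if ip == gw or ip not in net:
            continue  # the gateway must stay reachable; off-subnet is out of scope
        if f[-1] not in RESOLVED or "lladdr" not in f:
            continue  # FAILED / INCOMPLETE: the peer never answered ARP
        leaks.append((str(ip), f[f.index("lladdr") + 1]))
    return leaks

# Constructed sample: isolation enabled, only the gateway resolves.
SAMPLE_ON = """\
192.168.10.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.10.23 dev wlan0  FAILED
192.168.10.24 dev wlan0  INCOMPLETE
"""

# Constructed sample: isolation disabled, a fellow client resolves too.
SAMPLE_OFF = """\
192.168.10.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.10.23 dev wlan0 lladdr 02:00:00:00:00:23 STALE
10.0.0.5 dev eth0 lladdr 02:00:00:00:00:05 REACHABLE
"""

if __name__ == "__main__":
    for name, table in (("isolation on", SAMPLE_ON), ("isolation off", SAMPLE_OFF)):
        print(name, isolation_leaks(table, "wlan0", "192.168.10.1", "192.168.10.0/24"))
```

An empty list is the expected result on an AP with Station Isolation enabled; any entry names a client that the test device could reach directly.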
