3. I. Wireless Overview
More convenient than wired LAN
Easy to connect, easy to share
High transport speed. The 802.11ac standard can achieve a
maximum of 1,69 Gbit/s
Most technology devices support WLAN
(802.11a/b/g/n/ac): computer, phone, tablet, camera,
printer, television, memory stick,…
Municipal wireless network: some cities have wireless
coverage, such as Bangkok, Singapore, Ha Long, Hoi An,
Da Nang, Hue
4. II. Wireless security risk
Weak encryption WEP
MITM - Man in the middle
Easy bridge to wired LAN
Rogue AP, evil twin,…
Untrusted providers: firmware, embedded
wireless chips in housewares such as clothes irons,
water heaters,…
5. III. Enhance Wireless Security
1. Create a Wireless Security Policy
2. Secure the WLAN
3. Protect Your Company from Outside Threats
4. Security Awareness Training
7. 2. Secure the WLAN
Use strong encryption: WPA, WPA2
Change the default SSID and the default administrator
account/password.
Use VLANs or MAC address control lists
Disable SSID broadcast
Guest access SSID
AP Isolation
Secure management ports
Secure communications
Physically secure access points
Limit wireless range
Turn off wireless when not in use
Regularly change encryption keys
8. 3. Protect Your Company from Outside Threats
802.1X authentication: RADIUS
Assign Static IP
Network Firewall and personal firewall software
VPN: Virtual Private Network
NAC: Network Access Control
Wireless IPS: Prevent unauthorized, rogue AP, evil
twin and other wireless threats
Wireless Security Endpoints: BYOD
Wireless Management System
Logging
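
One way the evil-twin check of a wireless IPS can work, as an added example that is not part of the original slides: beacons seen in a scan are compared against an inventory of sanctioned access points. The SSIDs, BSSIDs, inventory and scan format are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # "OPEN", "WEP", "WPA" or "WPA2"

# Constructed inventory of sanctioned APs: BSSID -> (SSID, security).
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CORP-WLAN", "WPA2"),
    "02:00:00:aa:00:02": ("CORP-GUEST", "WPA2"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

def classify(b: Beacon) -> str:
    """Return 'ok', 'evil-twin', 'spoofed-bssid' or 'unknown-ap'."""
    known = AUTHORIZED.get(b.bssid.lower())
    if known is None:
        # Unlisted radio advertising one of our SSIDs: evil-twin candidate.
        # Any other unlisted radio is only 'unknown'; deciding whether it is
        # a rogue AP needs a wired-side check (is its MAC on a switch port?).
        return "evil-twin" if b.ssid in CORP_SSIDS else "unknown-ap"
    if (b.ssid, b.security) != known:
        # Listed BSSID whose SSID or security differs from the inventory:
        # a cloned MAC address or a misconfigured access point.
        return "spoofed-bssid"
    return "ok"

def scan_report(beacons):
    """Return alerts only, as (verdict, bssid, ssid) tuples ready for logging."""
    alerts = []
    for b in beacons:
        verdict = classify(b)
        if verdict != "ok":
            alerts.append((verdict, b.bssid, b.ssid))
    return alerts

# Constructed scan results.
SAMPLE_SCAN = [
    Beacon("CORP-WLAN", "02:00:00:aa:00:01", "WPA2"),   # sanctioned AP
    Beacon("CORP-WLAN", "02:00:00:ee:00:99", "OPEN"),   # our SSID, unlisted BSSID
    Beacon("CORP-GUEST", "02:00:00:AA:00:02", "OPEN"),  # listed BSSID, security downgraded
    Beacon("CoffeeShop", "02:00:00:bb:00:10", "WPA2"),  # neighbouring network
]

if __name__ == "__main__":
    for alert in scan_report(SAMPLE_SCAN):
        print(alert)
```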
9. 4. Wireless Security Awareness Training
Train users to use wireless securely.
Understand Wireless Security Policy and follow
the policy.
Do Not Auto-Connect to Open Wi-Fi Networks
10. IV. Wireless diagram for finance organization
Requirements:
Wireless used for customers and VIP employees,
especially for HO and meeting rooms.
Highest security, prevent any wireless threats.
13. Comparison
| Method | Diagram 1: Advantage | Diagram 1: Disadvantage | Diagram 2: Advantage | Diagram 2: Disadvantage |
|---|---|---|---|---|
| Design | - | Equip firewall, private Internet line for branches | No need to equip private Internet line for branches | - |
| Performance | Fast Internet access, low delay | - | - | Slow Internet access, high delay, can affect WAN connection |
| Security | Secure internal LAN, Internet access cannot go inside | - | - | Passes through WAN infrastructure, hard to control security |
| Availability | Keeps Internet access even if WAN line is lost | - | - | Cannot access Internet if WAN line is lost |
| Operation | - | Hard to operate, as the separate Internet lines of the branches must be controlled | Easy to control because of central Internet management at HO | - |
14. Which diagram is the best for your company?
It depends on what you need.
If Wireless is deployed for several branches,
diagram 1 should be the best.
If Wireless is deployed for huge branches, diagram
2 should be considered.