InfoSec Notes
Securing wireless networks covering WPA3, enterprise Wi-Fi security, rogue AP detection, and wireless attack prevention.
Overview
Wireless Network Security is a critical component of organizational defense strategy. As networks grow more complex with cloud services, remote workers, and IoT devices, understanding and implementing proper network security controls becomes increasingly vital.
Key Concepts
Network security operates across multiple layers of the OSI model, with different controls appropriate at each layer:
| Layer 7 (Application) | WAF, Application proxies, DLP |
| Layer 6 (Presentation) | SSL/TLS encryption |
| Layer 5 (Session) | Session management, authentication |
| Layer 4 (Transport) | Stateful firewalls, TCP/UDP filtering |
| Layer 3 (Network) | Routers, IPSec, IDS/IPS, ACLs |
| Layer 2 (Data Link) | VLANs, 802.1X, MAC filtering |
| Layer 1 (Physical) | Physical security, cable management |
Architecture and Deployment
Implementation
Best Practices
| Practice | Description |
|---|---|
| Default deny | Block all traffic not explicitly allowed |
| Segmentation | Separate networks by function/sensitivity |
| Encryption | Encrypt data in transit (TLS, IPSec) |
| Monitoring | Continuous traffic analysis and alerting |
| Patch management | Keep network devices firmware updated |
| Access control | 802.1X for network access authentication |
| Redundancy | Failover for critical security infrastructure |
Common Attacks and Defenses
| Attack | Description | Defense |
|---|---|---|
| DDoS | Flood network with traffic | Rate limiting, CDN, scrubbing |
| Man-in-the-Middle | Intercept communications | TLS, certificate pinning |
| ARP Spoofing | Redirect traffic via ARP | Dynamic ARP inspection, static ARP |
| DNS Poisoning | Redirect DNS queries | DNSSEC, DNS over HTTPS |
| Port Scanning | Discover open services | Firewall rules, port knocking |
Interview Questions
- What is the difference between a firewall and an IDS/IPS?
- A firewall controls traffic flow based on rules (allow/deny). An IDS passively monitors and alerts on suspicious traffic. An IPS actively blocks detected threats inline. Firewalls are preventive, IDS is detective, IPS is both.
- Explain the concept of network segmentation and its security benefits.
- Network segmentation divides a network into isolated zones (VLANs, subnets). Benefits: limits lateral movement after breach, reduces attack surface per segment, enables granular security policies, improves monitoring, and helps compliance (isolating regulated data).
- What is the difference between stateful and stateless firewalls?
- Stateless firewalls examine each packet independently against rules (fast but limited). Stateful firewalls track connection state (TCP handshake, session) and make decisions based on the full context of the communication. Stateful is more secure but uses more resources.
- How would you detect a Man-in-the-Middle attack on a network?
- Monitor for ARP anomalies, certificate warnings/changes, unexpected TLS downgrades, duplicate IP/MAC pairs, DNS resolution inconsistencies, and unusual traffic patterns. Network monitoring tools and IDS signatures can automate detection.
- What is a DMZ and why is it important in network architecture?
- A DMZ (Demilitarized Zone) is a network segment between the internet and internal network containing public-facing services. It limits exposure — if a DMZ server is compromised, the attacker still faces another firewall before reaching internal resources.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Wireless Network Security.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, network, wireless, wireless network security
Related Information Security Topics