Skip to main content

What Is AP Isolation?




In computer networking, AP is an abbreviation for access point. An access point, or wireless access point, is a device that permits mobile devices, such as laptop computers and personal digital assistants, to connect wirelessly to a wired computer network. AP isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.


Malicious Network Traffic

    AP isolation effectively creates a “virtual” network among wireless devices, one in which each device is a separate entity in its own right. AP isolation allows network administrators to separate potentially malicious network traffic from a publicly accessible portion of a wireless network from the main control network. In so doing, it prevents the main control network from being flooded with unsolicited network traffic, which may include viruses, worms and Trojan horses.

Applications

    A typical application of AP isolation is a wireless hotspot, of the type found in airports, coffee bars and railway stations. A wireless hotspot typically allows numerous guest users to connect to an AP and create a single, large wireless network. Without AP isolation, unscrupulous users could connect to network devices other than the AP itself for the purposes of hacking or flood the whole network with traffic, rendering it unusable.

ARP Poisoning

    AP isolation can be a useful weapon in the fight against malicious attacks on wireless networks, but certain types of attack, known as ARP poisoning or ARP spoofing attacks, may be able to bypass the AP altogether. ARP stands for Address Resolution Protocol and describes a method of finding the physical Ethernet address of a network device from its Internet Protocol address. An attacker may transmit a unit of data, known as a packet, with a falsified Ethernet address directly to a network device so that it appears that the packet came from the AP. To protect against this type of attack, network administrators must place wired Ethernet devices on a different portion of the network, or subnet, than wireless devices.

PSPF

    Almost all network equipment vendors implement AP isolation in one form or another. One of the world’s leading network vendors, Cisco, implements AP isolation in the form of a technology known as Publicly Secure Packet Forwarding. However, PSPF, in common with other AP isolation techniques, does not prevent an attacker from sending a “poisoned” ARP packet to another client, so it must still be used in conjunction with subnetting to provide an effective defense mechanism.







Popular posts from this blog

Digital Visual Interface (DVI)

Read more

EDIMAX BR‐6428nC

Default settings of the EDIMAX BR‐6428nC Here you find the default IP address as well as the username and password for the user interface of the EDIMAX BR‐6428nC N300 Multi-Function Wi-Fi router. This site also contains information about the preconfigured Wi-Fi settings of the device. In the bottom part of this website, you will find a manual for accessing the user interface of this router and resetting its factory settings .
Read more