Unlike wired systems, which can be physically secured, wireless networks are not confined to the inside of buildings. They can be picked up as far as 1,600 feet or even more outside of the premises with a laptop and a high-gain dish adapter. This makes wireless local area networks (WLANs) inherently vulnerable to interception. Therefore, a wireless security system is needed to address this vulnerability.
WEP and WPA/WPA2
The first generation of wireless security was added by the 802.11 committee as a first line of defense: a Wireless Equivalency Protocol (WEP). WEP is an encryption protocol designed to provide the same level of security that wired cables provide, with 40-bit and 128-bit encryption at the link layer using the RC4 algorithm.
Unfortunately, researchers have discovered several serious weaknesses in the WEP protocol. In response, the 802.11i Task Force and the Wi-Fi Alliance worked to create a stronger wireless security system: WPA (Wi-Fi Protected Access). WPA is a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol it created to secure wireless computer networks.
WPA2 replaced WPA as the wireless security system; like WPA, WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, which is considered fully secure. Certification began in September, 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.
Change the default SSID
The SSID (service set ID) is a string used to define a common roaming domain among multiple access points (APs). Different SSIDs on APs can enable overlapping wireless networks. The SSID does not add any layer of security, but you should still change it from the default value so that other people do not accidentally use your network.
MAC Address filtering
You can use MAC address filtering in addition to the wireless security system. The MAC address filter contains the MAC addresses of the wireless adapters that may associate with a given AP. A MAC filter is not very strong security, since it is easy to discover known good MAC addresses with a sniffer. Then, using Linux drivers available on the Internet for most 802.11 client access cards, you can configure the sniffed MAC address into the card and gain access to the network. Although not perfectly secure, MAC address filtering is one more layer on the onion: it makes it more difficult for someone to gain access.
802.1x and EAP—Advanced Security
A more advanced wireless security system is 802.1x with EAP (Extensible Authentication Protocol), which is used for home, SOHO, and small enterprise networks with portability. 802.1x provides an authentication framework for WLANs, enabling a user to be authenticated by a central authority. The actual algorithm used to determine whether a user is authentic is left open, and multiple algorithms are possible. Examples are certificate-based solutions (such as EAP-Transport Layer Security [EAP-TLS]), password-based solutions (such as EAP-One Time Password [EAP-OTP] and EAP-Message Digest 5 [EAP-MD5]), smart-card-based solutions (such as EAP-Subscriber Identification Module [EAP-SIM]), and hybrids (such as EAP-Tunneled TLS Authentication Protocol [EAP-TTLS]) that use both certificates and passwords. Some companies offer their own proprietary EAP solution, such as Cisco's Lightweight EAP (LEAP).
802.1x/EAP-X and RADIUS
Another layer that can be added to the wireless security system is RADIUS. IEEE 802.1x integrates well with open standards for authentication, authorization, and accounting (AAA), including RADIUS and Lightweight Directory Access Protocol (LDAP), so it fits in well with the existing infrastructure for managing dial-up networks and VPNs. RADIUS servers (including Windows 2000 IAS) that support EAP can be used to manage IEEE 802.1x-based network access.
Remote Access Dial-In User Service (RADIUS) is currently the de facto standard for remote authentication. It is a widely deployed protocol for network access AAA in both new and legacy systems. RADIUS is commonly deployed in enterprise organizations with large-scale networks.
The wireless security mechanisms listed above are built into most home wireless routers, with the exception of RADIUS, which ships only with high-end wireless routers.
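As an added example (not part of the original article), the following Python script audits an access point configuration against the controls described above. It assumes the AP uses hostapd-style key=value settings; the default-SSID list and both sample configurations are constructed for illustration.

```python
# Added example: audit hostapd-style AP settings against the controls above.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # illustrative, not exhaustive

def parse_config(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return sorted finding codes for one access point configuration."""
    findings = set()
    wpa = int(cfg.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if any(k.startswith("wep_key") for k in cfg):
        findings.add("WEP_ENABLED")
    elif wpa == 0:
        findings.add("NO_ENCRYPTION")
    if wpa & 1:
        findings.add("WPA1_ALLOWED")
    # Anything other than an explicit CCMP-only cipher list is reported.
    ciphers = (cfg.get("rsn_pairwise") or cfg.get("wpa_pairwise", "")).split()
    if wpa & 2 and ciphers != ["CCMP"]:
        findings.add("WPA2_NOT_CCMP_ONLY")
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.add("DEFAULT_SSID")
    # MAC filtering alone is weak: allowed addresses can be sniffed and cloned.
    if cfg.get("macaddr_acl") == "1" and not wpa & 2:
        findings.add("MAC_FILTER_WITHOUT_WPA2")
    # 802.1x needs an authentication server: RADIUS or hostapd's built-in one.
    if "WPA-EAP" in cfg.get("wpa_key_mgmt", "").split():
        if "auth_server_addr" not in cfg and cfg.get("eap_server") != "1":
            findings.add("EAP_NO_AUTH_SERVER")
    return sorted(findings)

# Constructed sample configurations (addresses and secrets are placeholders).
WEAK = """ssid=linksys
wep_default_key=0
wep_key0=0123456789
macaddr_acl=1
"""
HARDENED = """ssid=corp-floor3
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_shared_secret=PLACEHOLDER
"""
if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_config(text)))
```

An empty result means none of the checks fired; it does not by itself show that the RADIUS server or EAP method behind the AP is configured soundly.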