By Ki Grinsing

Wireless connection is prone to security intrusion. Follow the guidelines in wireless security system

Overview

You know if the wifi signal propagates through the air waves, so the connection to the wifi network is not limited by the building where your network is. The hacker can freely connect to your wifi network without having to connect physically. With a laptop and a high gain directional antenna, wifi signal can be taken from a considerable distance up to 1,600 meters and can even be up to tens of kilometers with something like TP-link TL-WA5210G high power CPE. For that wifi networks are vulnerable from any attempt at interception so you need a protection to patch this vulnerability.

Best practices wifi security

There some best practices you need to configure to strengthen the security of your wifi network.

WEP and WPA/WPA2

One of the first encryption protocol introduced is WEP (Wireless Equivalency Protocol) with 40-bit and 128-bit encryption using RC4 algorithm. Most of this encryption is used on legacy wifi devices on standard 802.11b / g.

However, WEP security is found many weaknesses that ultimately Wi-Fi Alliance are working hard to create a stronger wireless security system which in turn makes system security WPA (Wi-Fi Protected Access), which is much stronger than WEP. All devices of the present generations of wireless network including wireless N or wireless ac standard are equipped with WPA or WPA2.

Always use the strongest security encryption WPA/WPA2 for securing your wifi network either in homes or in offices.

Change the default SSID

SSID is a string that is used as a wifi network identity among the many wifi networks around you. Each wireless APs emit its own SSID identity and may overlap. Always change the default SSID of your wireless network so that any other person is not using your wifi network and of course with WPA/WPA2 security.

MAC Address filtering

Each networking devices has a unique hardware identity around the world who called MAC address, or commonly known as a hardware address that is burned directly into the chip device.

You can use the MAC address filter of network devices which are allowed or prohibited to gain access to your wifi network. Though MAC filter security system can still be penetrated by tools such as MAC address sniffer, it is recommended to use this filter MAC security system as one layer of security for your wifi system.

802.1x and EAP—Advanced Security

More advance wireless security system is 802.1x and EAP (Extensible Authentication Protocol) which is used for Home, SOHO, and small enterprise with portability. 802.1x provides an authentication framework for WLANs, enabling a user to be authenticated by a central authority. The actual algorithm that is used to determine whether a user is authentic is left open and multiple algorithms are possible. Examples are certificate-based solutions (such as EAP—Transport Layer Security [EAP-TLS]), password-based solutions (such as EAP-One Time Password [EAP-OTP] and EAP-Message Digest 5 [EAP-MD5]), smart-card-based solutions (such as EAP—Subscriber Identification Module [EAP-SIM]), and hybrids (such as EAP-Tunneled TLS Authentication Protocol [EAP-TTLS]) that use both certificates and passwords. Some companies offer their own proprietary EAP solution, such as Cisco’s Lightweight EAP (LEAP).

802.1x/EAP-X and RADIUS

Another wireless security system used is the addition of RADIUS. IEEE 802.1x integrates well with open standards for authentication, authorization, and accounting (AAA) (including RADIUS and Lightweight Directory Access Protocol [LDAP]) so it fits in well with the existing infrastructure for managing dial-up networks and VPNs. RADIUS servers (including Windows 2000 IAS) that support EAP can be used to manage IEEE 802.1x-based network access.

Remote Access Dial-In User Service (RADIUS) is currently the de facto standard for remote authentication. It is a widely deployed protocol for network access AAA in both new and legacy systems. RADIUS is commonly applied to the enterprise organizations with large scale networks.

Above list of wireless security system is widely embedded on mostly home wireless routers but not include the RADIUS, except high-end wireless routers shipped with RADIUS.

Check out related article internet security software for home and SOHO network.