Wireless Network Security – The Basics of Securing a Wireless LAN

Network Authentication Process

The process by which a client associates with and authenticates to an access point is standard. If shared key authentication is selected on the client, additional packets are sent to confirm the authenticity of the keys.

The following describes EAP network authentication.

1. The client sends a probe to all access points

2. The access point sends an information frame with data transmission rates, etc.

3. The client selects the nearest access point

4. The client scans for access points in the order 802.11a, 802.11b and then 802.11g

5. A data transmission rate is selected

6. The client associates with the access point using the SSID

7. With EAP network authentication, the client authenticates with the RADIUS server

Open Authentication

This type of security assigns a string, known as the service set identifier (SSID), to an access point or several access points, defining a logically segmented wireless network. A client cannot associate with an access point unless it is configured with the SSID. Associating with the network is as simple as determining the SSID from any client on the network. The access point can be configured not to broadcast the SSID, which improves security a little. Most companies implement static or dynamic keys to supplement the security of the SSID.

Static WEP keys

Configure your client adapter with a static Wired Equivalent Privacy (WEP) key to improve the security of wireless transmissions. The access point is configured with the same 40-bit or 128-bit WEP key, and the keys are compared during association. The problem is that hackers can intercept the wireless packets and decode the WEP key.

Dynamic WEP keys (WPA)

Deploying dynamic WEP keys for encrypted sessions strengthens security with a hashing algorithm that generates new key pairs at specific intervals, which makes spoofing more difficult. The protocol standard includes 802.1x authentication methods with TKIP and MIC. Authentication between the wireless client and a RADIUS authentication server allows security to be administered dynamically. Note that each authentication type specifies which Windows platforms it supports. For example, PEAP requires Windows XP with Service Pack 2, Windows 2000 with SP4 or Windows 2003 on every client.

802.1x is an authentication standard with per-user and per-session encryption that supports these EAP types: EAP-TLS, LEAP, PEAP, EAP-FAST, EAP-TTLS and EAP-SIM. The credentials that authenticate network users have nothing to do with the configuration of the client computer, so the loss of a computer does not affect security.

The TKIP encryption process is an advanced encryption standard that improves on WEP with per-packet key hashing (PPK), a message integrity check (MIC) and broadcast key rotation. The protocol uses 128-bit keys for encryption of data and 64-bit keys for authentication. The sender adds a few bytes, the MIC, to a packet before encrypting it, and the receiver decrypts the packet and verifies the MIC. Broadcast key rotation rotates unicast and broadcast keys at specific intervals. Fast Reconnect is an available WPA feature that lets employees move around without having to re-authenticate with the RADIUS server when they change rooms or floors. The client's user name and password are cached with the RADIUS server for a specified period.

EAP-FAST

• Implements a symmetric key algorithm to build a secure tunnel

• Mutual authentication between the client and the RADIUS server

• The client sends username and password credentials in the secure tunnel

EAP-TLS

• SSL v3 builds an encrypted tunnel

• Client-side and RADIUS server-side PKI certificates are assigned, with mutual authentication

• Dynamic per-client session keys are used to encrypt data

PEAP (Protected EAP)

• Implemented on Windows clients with any EAP authentication method

• Server-side authentication of the RADIUS server with a root CA digital certificate

• Client-side authentication to the RADIUS server from a Microsoft MS-CHAP v2 client, with encrypted username and password credentials

Wireless Client EAP Network Authentication Process

1. The client associates with the access point

2. The access point allows 802.1x traffic

3. The client authenticates the RADIUS server certificate

4. The RADIUS server sends an encrypted username and password request to the client

5. The client sends the encrypted username and password to the RADIUS server

6. The RADIUS server and the client derive the WEP key. The RADIUS server sends the WEP key to the access point

7. The access point encrypts the 128-bit key with the dynamic session key and transmits it to the client

8. The client and access point use the session key to encrypt and decrypt packets

WPA-PSK

WPA pre-shared keys use some features of both the static WEP key and dynamic WEP key protocols. Each client and access point is configured with a specific static passcode. The passcode generates the keys that TKIP uses to encrypt data per session. The passcode must be at least 27 characters long to defend against dictionary attacks.
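
The following is an added example, not part of the original article, showing how a WPA-PSK passcode becomes key material: the passcode and the SSID go through PBKDF2-HMAC-SHA1 to produce the 256-bit pairwise master key, so a guessable passcode yields a guessable key. The function names and the two sample lists are constructed for illustration; the 27-character minimum is the article's.

```python
import hashlib

# Constructed sample lists for illustration; a real audit would load larger ones.
COMMON_PASSPHRASES = {"password", "12345678", "letmein123", "qwertyuiop"}
DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}
PAGE_MIN_LENGTH = 27  # minimum passcode length recommended in the article


def derive_pmk(passphrase, ssid):
    """WPA-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)


def audit_passphrase(passphrase, ssid):
    """Return a list of policy findings; an empty list means the passcode passes."""
    findings = []
    if len(passphrase) < PAGE_MIN_LENGTH:
        findings.append("shorter than %d characters" % PAGE_MIN_LENGTH)
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("appears in common-passphrase list")
    if ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    if len(set(passphrase)) < 8:
        findings.append("fewer than 8 distinct characters")
    if ssid.lower() in DEFAULT_SSIDS:
        # The SSID is the salt, so a widely shared SSID weakens the derivation.
        findings.append("SSID is a common default")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations.
    for pw, ssid in [("password", "IEEE"), ("correct-horse-battery-staple-2011", "CorpWLAN")]:
        print(ssid, derive_pmk(pw, ssid).hex(), audit_passphrase(pw, ssid) or "ok")
```

Because the SSID is the salt, the same passcode on two differently named networks gives two unrelated keys.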

WPA2

WPA2 implements the WPA authentication methods with the Advanced Encryption Standard (AES). This encryption method is deployed in government and similar implementations where the most stringent security is required.

Application Layer Passcode

SSG uses a passcode at the application layer. A client cannot authenticate unless it knows the passcode. SSG is implemented in public places such as hotels, where the customer pays for the passcode that allows access to the network.

VLAN assignment

As noted, companies deploy access points with SSID assignments that define logical wireless networks. The access point SSID is then mapped to a VLAN on the wired network that segments traffic for specific groups, as it would on a conventional wired network. Wireless deployments with multiple VLANs then configure 802.1Q or ISL trunking between the access point and the Ethernet switch.

Miscellaneous Settings

Turn Microsoft file sharing off
Implement anti-virus software and firewalls
Install the company VPN client
Turn off automatic connection to any wireless network
Never use ad hoc mode – it allows unknown laptops to connect to your computer
Avoid signal overrun with a good site survey
Use a minimum transmit power setting

Anti-Theft Option

Some access points have an anti-theft option available, with a lock and security cabling to protect the equipment while it is deployed in public places. This is a key feature for public implementations where access points can be stolen or where there is some reason they must be mounted below the ceiling.

Security attacks

• Wireless packet sniffers capture, decode and analyze the packets sent between the client computer and the AP. The aim is to decode security information.

• Dictionary attacks attempt to determine the decryption key configured on the wireless network using a list or dictionary with thousands of passcode phrases. The attacker captures information from the authentication process and tests each word in the dictionary against the password until a match is found.

• The mode assigned to each wireless client affects security. Ad hoc mode is the least secure option, with no AP authentication. Every computer on the network can send information to a nearby ad hoc computer. Select infrastructure mode if it is available.

• IP spoofing is a common network attack that falsifies or replaces the source IP address of each packet. The network device thinks it is communicating with an approved computer.

• SNMP is sometimes a source of compromised security. Implement SNMP v3 with complex community strings.

June 19, 2011. computer network.
