WiFi and security

This tutorial presents the security principles that you should employ on your wireless network to protect yourself from nasty people on the internet. You will also discover the standards that are employed in wireless technology


February 07th, 2006 - 06:00 pm ET by Laurent K.
    2.2   WPA Encryption (WiFi Protected Access)

WPA is a “reduced” version of the 802.11i protocol, composed of authentication protocols and a strong encryption algorithm: TKIP (Temporal Key Integrity Protocol). TKIP generates keys randomly and makes it possible to change the encryption key several times per second, for more security.
The operation of WPA rests on the deployment of an authentication server (most commonly a RADIUS server), which makes it possible to identify the users on the network and to define their access rights. Nevertheless, small networks can implement a restricted version of WPA, called WPA-PSK, by deploying the same key to all of the equipment, which avoids installing a RADIUS server.
WPA (in its first design) only supports networks running in infrastructure mode, meaning that it is not possible to secure ad hoc wireless networks. Although this encryption solution is much stronger, it is not free of faults and there is – just like with WEP – the possibility of “breaking” it. Nevertheless, for a private user this encryption method is acceptable, as the methods and skills needed to crack such a network are far from commonplace.

On the other hand, if your network is for professional use then this solution is not sufficient, and other means are available to you to ensure a better level of security, by using WPA2.

    2.3   WPA2 / 802.11i

802.11i was ratified on the 24th of June 2004, finally providing a security solution for WiFi networks. It is based on the TKIP encryption algorithm, like WPA, but also supports AES (Advanced Encryption Standard), making it more secure. The WiFi Alliance thus created a new certification, named WPA2, for all equipment supporting the 802.11i standard. Contrary to WPA, WPA2 allows you to secure both infrastructure and ad hoc wireless networks.
The WPA2 architecture:
The IEEE 802.11i standard defines two operating modes:

  • Personal WPA: the “personal WPA” mode makes it possible to implement a protected infrastructure based on WPA without also having to implement an authentication server. Personal WPA still uses a shared key, called PSK for Pre-Shared Key, that is configured in the access points as well as the client computers. Unlike WEP, it is not necessary to provide a key of a preset length. Indeed, WPA makes it possible to use a “pass phrase”, which is turned into the PSK by a hashing algorithm.

  • Enterprise WPA: the enterprise version relies on an 802.1x authentication infrastructure based on an authentication server, generally a RADIUS (Remote Authentication Dial-In User Service) server, and a network controller (access point). This solution is currently the safest, as there is no stronger authentication system available. But be careful: nothing should be taken for granted, and it is a sure bet that this solution won’t stay out of hackers’ reach for long.
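The "hashing algorithm" that turns a Personal WPA pass phrase into the PSK is PBKDF2-HMAC-SHA1, with the SSID as salt, 4096 iterations and a 256-bit output. The following is an added example (not code from the original article) that derives the PSK with the standard library and with a hand-written PBKDF2 so each step is visible; the pass phrase and SSID values are constructed for illustration.

```python
import hashlib
import hmac
import struct


def derive_wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 PSK from a pass phrase and an SSID.

    Personal mode defines the PSK as PBKDF2-HMAC-SHA1(passphrase, ssid,
    4096 iterations, 32 bytes). The pass phrase must be 8 to 63 ASCII
    characters; anything else is rejected rather than silently derived.
    """
    pw = passphrase.encode("ascii")
    if not 8 <= len(pw) <= 63:
        raise ValueError("pass phrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", pw, ssid.encode("utf-8"), 4096, 32)


def pbkdf2_sha1_by_hand(password: bytes, salt: bytes,
                        iterations: int, dklen: int) -> bytes:
    """Textbook PBKDF2 (RFC 2898) with HMAC-SHA1, written out so the
    iteration and XOR-chaining steps behind the PSK are explicit."""
    out = b""
    block = 1
    while len(out) < dklen:
        # U1 = PRF(password, salt || INT(block)), big-endian 32-bit counter
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        t = u
        for _ in range(iterations - 1):
            # U_i = PRF(password, U_{i-1}); T = U1 xor U2 xor ... xor Uc
            u = hmac.new(password, u, hashlib.sha1).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out += t
        block += 1
    return out[:dklen]


if __name__ == "__main__":
    # Constructed sample values, not a real network.
    psk = derive_wpa_psk("correct horse battery", "HomeNet")
    print(psk.hex())
```

Because the SSID is the salt, the same pass phrase yields a different PSK on every network name, and the 4096 iterations are what slow down guessing the pass phrase from a captured handshake.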


NB. Not all equipment is WPA2 compatible; verify when you are purchasing your equipment that it has the options that you require.



MAC address filtering, yet another solution

Each network adaptor has a physical address that is unique to it (called a MAC address). This address is represented by a 12-digit hexadecimal number, grouped into pairs separated by hyphens. Access points generally allow you to manage, in their configuration interface, an access list (called an ACL) of the MAC addresses of the equipment authorised to connect to the wireless network.
This precaution is restrictive, making it possible to limit access to the network to a certain number of machines. Be aware though that it does nothing for the confidentiality of the data being exchanged.


    2.4 Securing Architecture


Beyond just choosing your algorithm, the problem still remains of choosing the location for your access point so that all the equipment you wish to connect to it will be within range. You should also be sure that your network is not overloaded right from the start of your installation. This precaution is essential, because the less your network range “overflows”, the more discreet your network is, making it less accessible from the outside world.

