WHAT IS WI-FI?
Wi-Fi is the name given to man’s quest for wireless networking. Eventhough wireless communications were possible in the past also, thanksto GSM, CDMA, Infrared, Bluetooth etc, the paltry data rates providedby these standards were hardly enough to sustain networks.
Wi-Fi stands for Wireless Fidelity. It ensures mobility and yet retainsthe data rate which is comparable to wired networks. It is the namegiven to the set of standards belonging to the 802.11 categoryinstituted by the Institute of Electrical and Electronic Engineers(IEEE). It basically comprises of the following standards:
Standard Frequency Speed
1. 802.11a 5 GHz 54 Mbps
2. 802.11b 2.4 GHz 11 Mbps
3. 802.11g 2.4 GHz 11 Mbps
THE NEEDs FOR WI-FI SECURITY:
In a wired network the system can be hacked into only through a systemattached to a network. Data interception, data alteration and intrusionare possible only when the hacker can access a node attached to thenetwork in some manner.
But Wi-Fi works on wireless technology. This means that any machinewith a wireless network adapter can gain entry into a wireless network.Devices that allow scanning of wireless access points are availablecheap (compared to the amount of data they can possibly allow accessto) in the market. This further simplifies the job of a potentialhacker who can use it to track users. All a hacker needs to do is to bein the range of a wireless network. Then he can simply intercept thesignal (sniffing), manipulate it and get access into the network(spoofing). For example a business man transferring his money to anaccount while sitting in a Wi-Fi enabled Mc Donald’s can easily becyber looted by a hacker sitting in the opposite end of the restaurantif he has a wireless adapter and the tools needed to intercept andmodify the signals. The recently occurred Lowe’s case in North Carolinais proof enough that Wi-Fi is certainly not so safe for transferringsensitive data like credit card numbers, company plans or the personalhealth records of a company’s employees. This is reason enough forusers to secure their networks in all possible ways.
THE METHODS FOR SECURING WI-FI:
SSID: Service Set Identifier is a 32 character unique identifierattached to the header of the packet transferred over the wirelessconnection. It distinguishes one network from another. All AccessPoints belonging to the same network have a common SSID. It is like aschool scenario where the students of a particular class are identifiedby their class name.
The SSID is also called the Network Name.
When a new Access Point is installed the default SSID value should bechanged and should be assigned a network key. This serves as a basicmeans of security and privacy.
WEP: Wired Equivalent Protocol was proposed by the IEEE to bringthe level of security enjoyed by wired networks to wireless networks.WEP uses secret encrypted keys to alter the data bits passing in awireless network. This ensures (or at least used to) that even if thedata is sniffed, without the key, it will be rendered useless. This keyis made available only to the source and destination parties. It ismore like a symmetric cryptography scheme.
The encryption can be 64 bit, 128 bit or 256 bit. Till recently 64 bitwas safe enough but with rumours that a crack for this key has beenfound, it is advisable to use 128 bit or 256 bit encryption. Anotherway to keep data secure while using WEP is to frequently change thekey. A downfall to this is that it is susceptible to man in the middleattacks (the key can be stolen while it is being exchanged).
ACL: Access Control List is a table of the MAC addresses of allaccess points in the network. The MAC (Media Access Control) address isa unique address assigned to each wireless device. The ACL ensures thatonly those MAC addresses which are present in the list are allowed toenter the network. The downfall to this is that the MAC addresses canbe stolen and spoofed.
IEEE 802.1x: This is basically a method of security based on the principle of network restriction through user restriction.
This standard recommends the use of a Remote Authentication Dial InUser Service (RADIUS) server. This is used along with two datacommunication protocols viz. Extensible Authentication Protocol (EAP)and Transport Layer Security (TLS).
The RADIUS server requires the user to login with a user name andpassword and also answer an encryption key question. The request isthen constructed and wrapped in a specific manner based on the EAP/TLSstandards. TLS prevents sniffing and tampering of the communicationchannel and also prevents message forgery. This is brought about by theuse of a trust relationship between the source and destination by meansof a certificate of validity. This is provided by a trusted third partycertifying authority. An extension to this is called the TunneledTransport Layer Security (TTLS)
FIPS 140: Federal Information Protection Standard 1.40 is a higherlevel security. It provides data encryption of different types likeAdvanced Encryption Standard (AES) or Triple Data Encryption Standard(3DES). Since the level of encryption provided by these standards isalmost impossible to crack, as of now this is the best method ofsecurity available.
SUMMARY:
Securing wireless networks can seem to be a complicated process. Manytimes users are just too ignorant about the aspect of security. Theythink “Why would anyone hack me? That is really a silly questionbecause a hacker doesn’t need motivation to hack; all he needs is achance. Some users even if concerned about security find implementingit confusing. At such times it is advised to take the help of manualson the same or better yet get professional help. It is a small price topay for keeping your data and privacy safe.
And last but not the least; ensure to follow the three tier step of networking:
1. Plan 2. Implement 3. Test
This basically means that plan before setting up your network. Be clearwith your network. Understand why you want to network. Then get atailored security package according to your network. Use differentmethods together to attain the desired level of security. Plan asecurity policy and make sure to enforce it.
Implement your network along with the security package and security policy. Make sure all users adhere to the policy.
Test your network. Once you finish setting up your network check forunknown access points. Try to sniff your own signals. See if yournetwork can be compromised in any way. Watch out for suspiciousactivity in the range of your network. If you feel that your network isstill weak in some manner then plan again, improve the measures,implement the new packages and again test it. This should be acontinued cycle.
credits to x
0 comments
Post a Comment