How to do Wireless Security

Overview of Wireless Security

Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Due to the affordability of Wi-Fi routers, Internet access through wireless means has gained popularity. Today, almost every laptop and smartphone is equipped with a wireless card, enabling users to access a network or the Internet through a wireless connection. Data transmitted over a wireless LAN using radio waves can be intercepted, and unauthorized users can gain access to internal network resources or to the Internet without the consent of the owner. In most cases, an unprotected WLAN acts like a free hotspot for wireless users.

You can protect WLANs by using wireless security such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) to encrypt and decrypt network traffic.

Piggybacking

Piggybacking refers to the practice of using a wireless Internet connection subscribed to by someone else. For example, a user can connect to his/her neighbor’s WLAN and access the Internet without permission. Such practices are unethical and considered illegal in some countries.

Usually WAPs advertise their presence by broadcasting their SSID.

For example, look at the figure below listing all the wireless networks available within range. Some of the connections could be far away from your computer; however, the WNIC will list every connection it can detect within its range. You may be able to establish a connection to one of the unsecured entries listed, though not owned by you!

Some businesses provide free or complimentary Internet access through WLANs, commonly referred to as a hotspot service. It is intended for their customers to use during their visits. Such connections may also be listed here. For all you know, someone could also establish a connection to your WLAN and use your network resources or access the Internet without paying for it.

Protecting WLAN

In order to protect wireless networks, a variety of methods are available, including (but not limited to) those listed below:

Note: Some of these methods may not be possible if the WAP or SOHO router with integrated AP lacks such capabilities. 

1. Use MAC address filtering for authentication: You can add the MAC addresses of permitted computers or devices to the WAP. Connection to the WAP will be allowed only if the WAP finds a matching MAC address.

2. Implement WEP

WEP (Wired Equivalent Privacy)

WEP is a widely used security algorithm and is often the first security choice. Although its name implies that it is as secure as a wired connection, it has numerous flaws and has lost out to newer standards such as WPA2. WEP uses 64-bit or 128-bit encryption.

Methods of Authentication

WEP uses two methods of authentication: Open System authentication and Shared Key authentication.

In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Any client can authenticate with the Access Point and then attempt to associate. In effect, no authentication occurs, hence there is no security at all: anyone can connect!

In Shared Key authentication, the WEP key is used for authentication in a four-step challenge-response handshake:

  1. The client sends an authentication request to the Access Point.
  2. The Access Point replies with a clear-text challenge.
  3. The client encrypts the challenge-text using the configured WEP key, and sends it back in another authentication request.
  4. The Access Point decrypts the response. If this matches the challenge-text, the Access Point sends back a positive reply.

After the authentication and association, the pre-shared WEP key is also used for encrypting the data frames using RC4.

3. Implement WPA

WPA (Wi-Fi Protected Access) & WPA2 (Wi-Fi Protected Access II)

WPA and WPA2 are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

The WPA protocol implements much of the IEEE 802.11i standard, especially the Temporal Key Integrity Protocol (TKIP). TKIP employs a per-packet key, i.e. it dynamically generates a new 128-bit key for each packet, thus preventing the attacks which compromised WEP.

WPA also includes a message integrity check. This is designed to prevent an attacker from capturing, altering and/or resending data packets. This replaces the cyclic redundancy check (CRC) that was used by the WEP standard.

WPA2 has replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security.

WPA operates in two modes:

  1. The first mode provides different keys to each user through an 802.1X authentication server.
  2. The second mode, the less secure PSK (Pre-shared Key) mode, is designed for home and small business networks that may not have 802.1X authentication servers. In this case, every user has the same passphrase.

Unlike WEP, which is widely supported by almost all WLAN devices, support for WPA or WPA2 may not be available on certain devices. In some cases, vendors provide a firmware upgrade that adds support for WPA/WPA2. The WNICs must also support these standards.

4. Disabling SSID broadcasts: If SSID broadcast is disabled, SSIDs will not be displayed when computers attempt to discover WLANs.

5. Implement wireless intrusion detection systems and monitor your network for any intruders attempting to access your network through the WLAN. This method is the most expensive as it involves the use of special devices.

To summarize, it is best to use a combination of methods to keep the network secure. Though there is no guarantee of 100% protection, the discussed methods definitely make it difficult for unauthorized users to penetrate and access the network.

Troubleshooting Wireless Networks

Given below are guidelines to optimize and troubleshoot wireless networks based on best practices:

  • WLANs use radio waves that are limited in distance. If the end device, such as a desktop or a laptop, is quite far away from the WAP, the signal will be weak. It is advisable either to move the devices as close as possible or to place the devices (at least the WAP) at a higher level to avoid interference from obstacles such as cupboards, etc. Anything made of wood, steel, concrete, glass, etc. absorbs signals, resulting in poor reception.
  • When you require roaming facilities, you can use a wireless extender to amplify the signal and thus increase the coverage area. You can also configure some SOHO routers to work only as an access point.
  • WLANs use radio waves and may be disturbed by other radio waves using the same frequency within the area. For example, many consumer devices such as cordless telephones, car alarms, wireless cameras, microwave ovens and baby monitors use the same frequency (2.4 GHz) at which Wi-Fi standards 802.11b, 802.11g and 802.11n operate. This can cause a significant decrease in speed, or sometimes total blocking of the Wi-Fi signal. You can use devices such as spectrum analyzers to find the source of interference. If such devices are not available, then you need to analyze and find out the probable devices that might use the same frequency. You can also move away from the interference by shifting channels (11 to 6, 6 to 1) as it will change the frequency of the WLAN devices.
  • WLANs use omnidirectional antennas that radiate strong signals horizontally but are weak in upward or downward directions. It is recommended to get WAPs with external antennas as the position can be changed to provide adequate signals. You can also use directional antennas if connecting WAPs between two buildings across a road or within a facility. Check the product specification for details on the signal strength and range it can provide.
