Wireless Network Security - The Basics of Securing a Wireless LAN

Network authentication process

The process of associating a client with an access point and authenticating it is standard. If shared key authentication is selected on the client, additional packets are sent to confirm the authenticity of the key.

The following describes EAP authentication on the network.

First, the client sends a probe to all access points.

Second, the access point sends an information frame with the data rate, etc.

Third, the client selects the nearest, best-matching access point.

Fourth, the client scans access points in the order 802.11a, 802.11b and then 802.11g.

Fifth, the data rate is selected.

Sixth, the client associates with the access point SSID.

Seventh, with EAP authentication on the network, the client authenticates with the RADIUS server.

Open Authentication

This type of security assigns a string to an access point, or to several access points, defining a logical segmentation of the wireless network known as a Service Set Identifier (SSID). The client cannot associate with an access point unless it is configured with that SSID. Joining the network is as simple as determining the SSID from any network client. The access point can be configured not to broadcast the SSID, which improves security somewhat. Most companies implement static or dynamic keys to supplement the security of the SSID.

Static WEP

Configuring your client adapter with a static Wired Equivalent Privacy (WEP) key enhances the security of your wireless transmissions. The access point is configured with the same 40-bit or 128-bit WEP key, and during association the keys are compared. The issue is that hackers can intercept wireless packets and decode the WEP key.

Dynamic WEP keys (WPA)

Using dynamic WEP encryption keys for each session strengthens security with a hash algorithm that generates new key pairs at specific intervals, making spoofing more difficult. The protocol includes 802.1x authentication methods with TKIP and MIC encryption. Authentication between the wireless client and the RADIUS authentication server allows dynamic management of security. It should be noted that each authentication type specifies the Windows platform support it needs. One example is PEAP, which requires Windows XP with Service Pack 2, Windows 2000 with SP4 or Windows 2003 on each client.

The 802.1x standard provides per-user, per-session authentication and encryption with these supported EAP types: EAP-TLS, LEAP, PEAP, EAP-FAST, EAP-TTLS and EAP-SIM. Network user authentication credentials have nothing to do with the configuration of the client computer. Any loss of computer equipment does not compromise security. TKIP handles encryption with standards that improve on WEP encryption: per-packet key hashing (PPK), message integrity check (MIC) and broadcast key rotation. The protocol uses 128-bit keys to encrypt data and 64-bit keys for authentication. The transmitter adds some bytes, the MIC, to a packet before encrypting it, and the receiver decrypts the packet and verifies the MIC. Broadcast key rotation rotates the unicast and broadcast keys at specific intervals. Fast reconnect is a WPA feature that allows employees to roam without having to re-authenticate with the RADIUS server when they change rooms or floors. The client username and password are cached with the RADIUS server for a period of time.

EAP-FAST

Implements a symmetric key algorithm to build a secure tunnel

Client-side and RADIUS server-side mutual authentication

The client sends the username and password in the secure tunnel

EAP-TLS

SSL v3 builds an encrypted tunnel

Client-side and RADIUS server-side mutual authentication with assigned PKI certificates

Dynamic per-client, per-session keys used to encrypt data

Protected EAP (PEAP)

Implemented on Windows clients with any EAP authentication method

Server-side RADIUS server authentication with a root CA digital certificate

Client-side authentication with the RADIUS server from a Microsoft MS-CHAP v2 client with encrypted username and password credentials

Wireless Client Network EAP Authentication Process

First, the client associates with an access point.

Second, the access point allows 802.1x traffic.

Third, the client authenticates the RADIUS server certificate.

Fourth, the RADIUS server sends an encrypted username and password request to the client.

Fifth, the client sends the encrypted username and password to the RADIUS server.

Sixth, the RADIUS server and the client derive the WEP key. The RADIUS server sends the WEP key to the access point.

Seventh, the access point encrypts the 128-bit broadcast key with the dynamic session key and sends it to the client.

Eighth, the client and the access point use the session key to encrypt and decrypt packets.

WPA-PSK

WPA Pre-Shared Keys use some features of static WEP keys and of dynamic key protocols. Each client and access point is configured with a specific static passcode. The passcode is used to generate the TKIP keys that encrypt the data for the session. The passcode should be at least 27 characters to defend against dictionary attacks.
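Why passcode length is the deciding factor for WPA-PSK, shown as an added example that is not part of the original article: the master key behind the session keys is a fixed function of the passcode and the SSID, so the audit below checks a configured passcode against the 27-character guidance and a wordlist. The PBKDF2 derivation is taken from IEEE 802.11i rather than from this page, and the SSID, passcodes and wordlist are constructed sample values.

```python
import hashlib

MIN_LENGTH = 27  # the page's minimum passcode length
# Constructed sample wordlist; a real audit would load a far larger one.
SAMPLE_WORDLIST = {"password", "letmein123", "wireless2024"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase + SSID to the 256-bit pairwise master key.

    IEEE 802.11i defines this as PBKDF2-HMAC-SHA1 with the SSID as salt
    and 4096 iterations. Nothing else is secret, so anyone who guesses
    the passphrase for a known SSID obtains the same key.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase: str, ssid: str, wordlist=SAMPLE_WORDLIST) -> dict:
    """Check one configured passcode; an empty findings list means it passed."""
    findings = []
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if passphrase.lower() in wordlist:
        findings.append("appears in the wordlist")
    return {"ssid": ssid, "pmk": derive_pmk(passphrase, ssid).hex(),
            "findings": findings}


if __name__ == "__main__":
    # Constructed inputs: a weak and a long passcode on a sample SSID.
    for candidate in ("password", "correct-horse-battery-staple-wlan"):
        report = audit_passphrase(candidate, "IEEE")
        print(candidate, report["pmk"][:16], report["findings"] or "ok")
```
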

WPA2

The WPA2 standard implements the WPA authentication methods with the Advanced Encryption Standard (AES). This encryption method is deployed in government implementations and elsewhere, where the most stringent security must be implemented.

Application Layer passcode

SSG uses a passcode at the application layer. The client cannot authenticate unless they know the passcode. SSG is implemented in public places such as hotels, where the customer pays for a passcode that allows access to the network.

VLAN assignment

As noted, companies deploy access points with SSID assignments that define logical wireless networks. The access point SSID is then mapped to a VLAN on the wired network, which segments traffic from specific groups as on a traditional wired network. Wireless deployments with multiple VLANs then configure ISL or 802.1Q trunking between the access point and the Ethernet switches.

Miscellaneous Settings


Turn off Microsoft File Sharing
Implement anti-virus software and firewalls
Install your company VPN Client
Turn off auto-connect to any wireless network
Do not use AdHoc mode - this allows laptops to connect to unknown
Do a good site survey to avoid signal overrun
Use the minimum power setting

Anti Theft option

Some access points have an anti-theft option available, using a padlock and cabling to secure the equipment while it is deployed in public places. This is an essential feature for public implementations where access points can be stolen, or where there is some reason why they must be mounted below the ceiling.

Security attacks

Wireless packet sniffers capture, decode and analyze packets sent between the client computer and the AP. The goal is to decode the security information.

Dictionary attacks attempt to identify the decryption key configured on the wireless network using a list or dictionary of thousands of typical passcode phrases. The hacker collects information from the authentication and checks every word in the dictionary against the password until a match is found.

The specific mode assigned to each wireless client affects security. Ad hoc mode is the less secure option, with no AP authentication. Every computer on the network can send data to a neighboring ad hoc computer. Select infrastructure mode if available.

IP spoofing is a common network attack that fakes or replaces the source IP address of each packet. The network device thinks it is communicating with an approved computer.

SNMP is sometimes a source of security risk. Implement SNMP v3 with complex community strings.
