Wireless Network Security - Basics of a secure wireless LAN

Network authentication process

The process by which a client associates and authenticates with an access point is standard. If shared key authentication is selected on the client, additional packets are sent to confirm the authenticity of the keys.

The following steps describe EAP network authentication.

1. Client sends a probe to all access points

2. Access point sends an information frame with data rates, etc.

3. Client selects the nearest matching access point

4. Client scans access points in the order 802.11a, 802.11b and 802.11g

5. Data rate is selected

6. Client associates with the access point using the SSID

7. With EAP network authentication, the client authenticates with the RADIUS server

Open Authentication

This type of security assigns a string to an access point or to multiple access points, defining a logical wireless network segment known as a Service Set Identifier (SSID). A client cannot associate with an access point unless it is configured with that SSID. Connecting to the network is as simple as determining the SSID from any client on the network. The access point can be configured not to broadcast the SSID, which improves security somewhat. Most companies implement static or dynamic keys to supplement the security of the SSID.

Static WEP

Configuring the client adapter with a static Wired Equivalent Privacy (WEP) key improves the security of wireless transmissions. The access point is configured with the same 40-bit or 128-bit WEP key, and during association the encrypted keys are compared. The issue is that hackers can intercept wireless packets and decode the WEP key.

Dynamic WEP (WPA)

Deploying dynamic per-session WEP encryption keys strengthens security with a hash algorithm that generates new key pairs at specific intervals, making spoofing much harder. The protocol includes 802.1x authentication methods with TKIP and MIC. Authentication between the wireless client and a RADIUS authentication server allows proactive management of security. Note that each authentication type must be supported by the Windows platform. For example, PEAP requires Windows XP with Service Pack 2, Windows 2000 with SP4 or Windows 2003 on each client.

The 802.1x standard is an authentication standard with per-user, per-session encryption that supports these EAP types: EAP-TLS, LEAP, PEAP, EAP-FAST, EAP-TTLS and EAP-SIM. User network authentication credentials have nothing to do with the configuration of the client computer, so the loss of a computer does not affect security. Encryption is handled by TKIP, an enhanced encryption standard that improves on WEP with per-packet key hashing (PPK), message integrity check (MIC) and broadcast key rotation. The protocol uses 128-bit keys to encrypt data and 64-bit keys for authentication. The transmitter adds a few bytes, the MIC, to a packet before encrypting it, and the receiver decrypts the packet and verifies the MIC. Broadcast key rotation rotates the unicast and broadcast keys at specific intervals. Fast reconnect is a WPA feature that allows employees to roam without having to re-authenticate with the RADIUS server when they change floors or rooms. The client's username and password are cached with the RADIUS server for a specific period.

EAP-FAST

• Implements a symmetric key algorithm to build a secure tunnel

• Client and RADIUS server authenticate each other

• The client sends its username and password credentials through the secure tunnel

EAP-TLS

• SSL v3 builds an encrypted tunnel

• Client-side and RADIUS server-side PKI certificates are assigned, providing mutual authentication

• Dynamic per-user, per-session keys are used to encrypt data

Protected EAP (PEAP)

• Implemented on Windows clients with any EAP authentication method

• Server-side authentication with the RADIUS server's root CA digital certificate

• Client-side authentication with the RADIUS server using Microsoft MS-CHAP v2, with the client's username and password as encrypted credentials

Wireless client EAP network authentication process

1. Client associates with the access point

2. Access point allows 802.1x traffic

3. Client authenticates the RADIUS server certificate

4. RADIUS server sends an encrypted username and password request to the client

5. Client sends the encrypted username and password to the RADIUS server

6. RADIUS server and client derive the WEP key. The RADIUS server sends the WEP key to the access point

7. Access point encrypts the 128-bit broadcast key with the dynamic session key and sends it to the client

8. Client and access point use the session key to encrypt / decrypt packets
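Step 3 only protects the credentials sent in step 5 if the client is actually configured to validate the RADIUS server certificate. The following check is an added example, not part of the original article; it assumes a Linux client using wpa_supplicant, and the configuration text, SSIDs, certificate path and server name are constructed.

```python
import re

# Constructed wpa_supplicant.conf content, not from a real deployment.
SAMPLE_CONF = '''
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wlan-checked"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    ca_cert="/etc/ssl/certs/corp-root-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
'''

def parse_networks(conf: str) -> list:
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\}", conf, re.S):
        pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", body, re.M)
        networks.append({k: v.strip('"') for k, v in pairs})
    return networks

def audit_network(net: dict) -> list:
    """Flag 802.1X profiles that skip RADIUS server certificate checks."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", ""):
        return findings                      # not an EAP profile
    if "ca_cert" not in net:
        findings.append("no ca_cert: server certificate is not validated")
    if not any(k in net for k in ("domain_suffix_match", "domain_match",
                                  "altsubject_match")):
        findings.append("no server name match: any cert from the CA passes")
    return findings

def audit_conf(conf: str) -> dict:
    return {n.get("ssid", "?"): audit_network(n) for n in parse_networks(conf)}

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```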

WPA-PSK

WPA Pre-Shared Key (WPA-PSK) uses some features of both static WEP and dynamic key protocols. Each access point and client is configured with a specific static passcode. The passcode generates the keys that TKIP uses to encrypt the data for each session. The passcode should be at least 27 characters to defend against dictionary attacks.
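How the static passcode becomes key material, together with a check against the 27-character minimum given above. This is an added example, not code from the original article; it uses the standard WPA passphrase-to-key mapping (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations), and the phrase list, SSIDs and function names are constructed for illustration.

```python
import hashlib

MIN_LENGTH = 27   # minimum passcode length recommended in the text above

# Constructed sample of weak phrases; a real audit would load a larger list.
COMMON_PHRASES = {"password", "letmein123", "companywifi", "welcome2024"}

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def audit(passphrase: str, ssid: str) -> list:
    """Return the reasons a passcode is exposed to dictionary guessing."""
    findings = []
    if len(passphrase) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    if passphrase.lower() in COMMON_PHRASES:
        findings.append("appears in the common-phrase list")
    if ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    return findings

if __name__ == "__main__":
    # The SSID is the salt, so the same passcode yields a different key
    # on every network name.
    print(wpa_psk("password", "IEEE").hex())
    print(wpa_psk("password", "LabNet").hex())
    print(audit("password", "IEEE"))
    print(audit("correct-horse-battery-staple-2031", "LabNet"))
```

The derived key depends only on the passcode and the SSID, both of which are static, which is why passcode length and unpredictability carry the whole defence in WPA-PSK.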

WPA2

WPA2 implements the WPA authentication methods with Advanced Encryption Standard (AES). This encryption method is deployed in government implementations and similar environments where the most stringent security requirements must be met.

Application Layer Passcode

SSG uses a passcode at the application layer. A client cannot authenticate unless they know the passcode. SSG is implemented in public places such as hotels, where the client pays for the password that gives access to the network.

VLAN Assignments

As mentioned, companies deploy access points with SSID assignments that define logical wireless networks. The access point SSID is then mapped to a VLAN on the wired network, which segments traffic from specific groups as it would on a conventional wired network. Wireless deployments with different VLANs then configure 802.1Q or ISL trunking between the access points and the Ethernet switches.

Miscellaneous Settings


• Turn off Microsoft File Sharing
• Implement anti-virus and firewall software
• Install your company's VPN client
• Turn off auto-connect to any wireless network
• Never use ad hoc mode - this allows unknown laptops to connect to your computer
• Avoid signal overshoot with a good site survey
• Use the minimum transmit power setting

Anti-Theft Option

Some access points have an anti-theft option available, with a padlock and cabling to secure the device when it is used in public places. This is an essential feature for public implementations, where access points can be stolen; it may be one reason why they are mounted in the ceiling.

Security attacks

• Wireless packet sniffers capture, decode and analyze packets sent between the client computer and the AP. The goal is to decode security information.

• Dictionary attacks attempt to determine the encryption key configured on the wireless network using a list or dictionary with thousands of typical passcode phrases. The hacker collects information from the authentication exchange and tests every word in the dictionary against the password until a match is found.

• The specific mode assigned to each wireless client has an effect on security. Ad hoc mode is the least secure option, with no AP authentication. Every computer on the network can send information to an ad hoc neighbor. Select infrastructure mode if it is available.

• IP spoofing is a common network attack that involves faking or replacing the source IP address of each packet. The network device thinks it is communicating with an authorized computer.

• SNMP is sometimes a source of security compromise. Implement SNMP v3 with complex community strings.
