Wireless Network Security - Basics of Securing a Wireless LAN
Network Authentication Process
This section describes how a client associates and authenticates with a standard access point. When shared key authentication is selected on the client, additional packets are exchanged to confirm the authentication key.
The following describes association on an EAP-enabled network:
1 The client sends a probe request to all access points
2 The access point replies with an information frame listing its data transmission speeds, etc.
3 The client selects the most appropriate access point
4 The client scans for access points in the order 802.11a, 802.11b and then 802.11g
5 A data rate is selected
6 The client associates with the access point using its SSID
7 The client authenticates to the network with a RADIUS server using EAP
Open Authentication
With open authentication, a string configured on one or more access points, the Service Set Identifier (SSID), defines a logical segment of the wireless network. A client cannot associate with an access point unless it is configured with that SSID, so using the network is as simple as determining the SSID and configuring it on each client. The access point can be configured not to broadcast the SSID, but this does not improve security by itself. Most companies therefore implement static or dynamic keys on top of the SSID.
Static WEP
Configuring the client adapter with a static Wired Equivalent Privacy (WEP) key adds some protection to wireless transmissions. The access point is configured with the same 40-bit or 128-bit WEP key, and the keys are compared during association. The problem is that attackers can intercept the wireless packets and recover the WEP key.
Dynamic WEP (WPA)
Using dynamic per-session WEP keys strengthens security: a hashing algorithm generates new key pairs at set intervals, making the keys harder to spoof. The standard combines 802.1x authentication methods with TKIP and MIC. Authentication between the wireless client and a RADIUS server allows security to be managed proactively. Note that the available authentication types depend on the Windows platform; PEAP, for example, requires Windows XP with Service Pack 2, Windows 2000 with SP4 or Windows 2003 on each client.
802.1x is a standard for user authentication and session encryption that supports these EAP types: EAP-TLS, LEAP, PEAP, EAP-FAST, EAP-TTLS and EAP-SIM. The credentials used to authenticate network users are independent of the client computer's configuration, so the loss of a computer has no impact on security. TKIP is an encryption enhancement that improves on WEP with per-packet keying (PPK), a message integrity check (MIC) and broadcast key rotation. The protocol uses a 128-bit key to encrypt data and a 64-bit key for authentication. The transmitter appends a few bytes, the MIC, to each packet before encryption; the receiver decrypts the packet and verifies the MIC. Key rotation replaces the unicast and broadcast keys at set intervals. A fast EAP feature is also available that lets employees move between rooms or floors without re-authenticating with the RADIUS server: the user name and password from the client are cached at the RADIUS server for a given period.
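The following is an added illustration of the TKIP ideas just described (per-packet keys, a MIC appended before encryption and checked after decryption, and periodic key rotation); it is not code from the page and not the real TKIP, Michael or RC4 algorithms. It assumes HMAC-SHA256 as a stand-in for the key-mixing and MIC functions and uses HMAC-SHA256 in counter mode as the keystream instead of RC4. The key sizes follow the text: 128 bits for encryption, 64 bits for the MIC. The master key and payload are constructed sample values.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Key sizes from the text: 128-bit encryption key, 64-bit MIC key.
ENC_KEY_LEN = 16
MIC_KEY_LEN = 8
MIC_LEN = 8        # bytes of MIC appended to every packet
SEQ_LEN = 8        # sequence counter sent in clear, like TKIP's IV/TSC


def rotate_keys(master_key: bytes, epoch: int):
    """Derive the (encryption key, MIC key) pair for one key-rotation interval."""
    material = hmac.new(master_key, b"rotate" + struct.pack(">Q", epoch), hashlib.sha256).digest()
    return material[:ENC_KEY_LEN], material[ENC_KEY_LEN:ENC_KEY_LEN + MIC_KEY_LEN]


def per_packet_key(enc_key: bytes, sequence: int) -> bytes:
    """Key mixing (assumed HMAC stand-in): each frame gets a key unique to its sequence number."""
    return hmac.new(enc_key, b"ppk" + struct.pack(">Q", sequence), hashlib.sha256).digest()


def keystream(ppk: bytes, length: int) -> bytes:
    """Counter-mode PRF keystream from the per-packet key (stand-in for RC4)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(ppk, struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def compute_mic(mic_key: bytes, sequence: int, plaintext: bytes) -> bytes:
    """MIC over the sequence counter and plaintext (assumed HMAC stand-in for Michael)."""
    return hmac.new(mic_key, struct.pack(">Q", sequence) + plaintext, hashlib.sha256).digest()[:MIC_LEN]


def protect(enc_key: bytes, mic_key: bytes, sequence: int, plaintext: bytes) -> bytes:
    """Transmitter: append the MIC, then encrypt plaintext||MIC under the per-packet key."""
    mic = compute_mic(mic_key, sequence, plaintext)
    ppk = per_packet_key(enc_key, sequence)
    body = xor_bytes(plaintext + mic, keystream(ppk, len(plaintext) + MIC_LEN))
    return struct.pack(">Q", sequence) + body


def unprotect(enc_key: bytes, mic_key: bytes, frame: bytes, last_sequence: int) -> Optional[bytes]:
    """Receiver: reject replays, decrypt, verify the MIC. Returns None on any failure."""
    if len(frame) < SEQ_LEN + MIC_LEN:
        return None
    sequence = struct.unpack(">Q", frame[:SEQ_LEN])[0]
    if sequence <= last_sequence:
        return None  # replayed or out-of-order frame
    ppk = per_packet_key(enc_key, sequence)
    decrypted = xor_bytes(frame[SEQ_LEN:], keystream(ppk, len(frame) - SEQ_LEN))
    plaintext, mic = decrypted[:-MIC_LEN], decrypted[-MIC_LEN:]
    if not hmac.compare_digest(mic, compute_mic(mic_key, sequence, plaintext)):
        return None  # tampered: the stream cipher alone would not catch a flipped bit
    return plaintext


if __name__ == "__main__":
    enc_key, mic_key = rotate_keys(b"constructed-master-key", epoch=1)
    frame = protect(enc_key, mic_key, 1, b"constructed sample payload")
    print(unprotect(enc_key, mic_key, frame, last_sequence=0))
```

The receiver tracks the highest sequence number it has accepted; anything at or below it is dropped before decryption, and a frame whose MIC does not verify is dropped after it. Two frames carrying the same plaintext under different sequence numbers produce different ciphertext because the per-packet key differs.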
EAP-FAST
• Implements a symmetric key algorithm to create a secure tunnel
• Mutual authentication between the RADIUS client and server
• The client sends its username and password credentials inside the secure tunnel
EAP-TLS
• SSL v3 builds an encrypted tunnel
• Mutual authentication with PKI certificates on both the RADIUS client side and the server side
• A dynamic per-user session key encrypts the data
PEAP (Protected EAP)
• Implemented on Windows clients with any EAP authentication method
• Server-side authentication of the RADIUS server with a root CA digital certificate
• Client-side authentication to the RADIUS server with Microsoft MS-CHAP v2, sending the username and password credentials encrypted
Wireless Network Client EAP authentication process
1 The client associates with the access point
2 The access point allows only 802.1x traffic
3 The client authenticates the RADIUS server's certificate
4 The RADIUS server sends the user name and password to the client, encrypted
5 The client sends its username and encrypted password to the RADIUS server
6 The RADIUS server and the client derive the WEP keys; the RADIUS server sends the WEP key to the access point
7 The access point encrypts the dynamic session key with the 128-bit key and sends it to the client
8 The client and the access point use the session key to encrypt and decrypt packets
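The exchange in the numbered list above, as an added simulation that is not code from the page and not a real 802.1x, PEAP, MS-CHAP v2 or RADIUS implementation. It assumes the password-based credential exchange can be modelled as an HMAC-SHA256 challenge-response over a hashed password, that RADIUS messages are plain method calls, and that the dynamic session key of steps 6 and 7 is derived on both sides from the shared secret rather than shipped by the access point. The server certificate check of step 3 is reduced to a string comparison, and the user database is constructed sample data.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

KEY_LEN = 16  # 128-bit session key, as in step 7 of the text


def password_hash(password: str) -> bytes:
    """Stand-in for the NT hash that MS-CHAP v2 works from; the clear password is never stored."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def response_for(pw_hash: bytes, challenge: bytes) -> bytes:
    """Challenge-response proof of the password (assumed HMAC model, not MS-CHAP v2)."""
    return hmac.new(pw_hash, b"response" + challenge, hashlib.sha256).digest()


def session_key_for(pw_hash: bytes, challenge: bytes) -> bytes:
    """Both ends derive the same key from the shared secret (step 6); it never crosses the air in clear."""
    return hmac.new(pw_hash, b"session" + challenge, hashlib.sha256).digest()[:KEY_LEN]


class RadiusServer:
    def __init__(self, users: Dict[str, str]):
        self.users = {name: password_hash(pw) for name, pw in users.items()}

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, username: str, challenge: bytes, response: bytes) -> Optional[bytes]:
        """Access-Accept returns the session key for the AP; Access-Reject returns None."""
        pw_hash = self.users.get(username)
        if pw_hash is None:
            return None
        if not hmac.compare_digest(response, response_for(pw_hash, challenge)):
            return None
        return session_key_for(pw_hash, challenge)


class Supplicant:
    def __init__(self, username: str, password: str, trusted_server_cert: str):
        self.username = username
        self._pw_hash = password_hash(password)
        self.trusted_server_cert = trusted_server_cert
        self.session_key: Optional[bytes] = None

    def respond(self, server_cert: str, challenge: bytes) -> Optional[bytes]:
        """Step 3: credentials are only sent once the server's certificate is the trusted one."""
        if server_cert != self.trusted_server_cert:
            return None
        self.session_key = session_key_for(self._pw_hash, challenge)
        return response_for(self._pw_hash, challenge)


class AccessPoint:
    """Authenticator: relays EAP to RADIUS and opens the controlled port only on Access-Accept."""

    def __init__(self, server: RadiusServer, server_cert: str):
        self.server = server
        self.server_cert = server_cert
        self.session_keys: Dict[str, bytes] = {}  # authorized client -> key from step 6

    def accept_frame(self, client: str, frame_type: str) -> bool:
        """Step 2: only 802.1x (EAPOL) frames pass until the client is authorized."""
        return frame_type == "EAPOL" or client in self.session_keys

    def authenticate(self, client: str, supplicant: Supplicant) -> bool:
        challenge = self.server.new_challenge()                  # steps 4-5, relayed by the AP
        response = supplicant.respond(self.server_cert, challenge)
        if response is None:
            return False                                          # client refused an untrusted server
        key = self.server.verify(supplicant.username, challenge, response)
        if key is None:
            return False                                          # Access-Reject: port stays closed
        self.session_keys[client] = key                           # step 6: key delivered to the AP
        return True


if __name__ == "__main__":
    server = RadiusServer({"alice": "constructed-passphrase"})
    ap = AccessPoint(server, server_cert="CN=radius.example")
    alice = Supplicant("alice", "constructed-passphrase", "CN=radius.example")
    print("data before auth:", ap.accept_frame("c1", "DATA"))
    print("authenticated:", ap.authenticate("c1", alice))
    print("data after auth:", ap.accept_frame("c1", "DATA"))
```

The controlled port stays closed to everything but EAPOL until the server returns a key, so a wrong password or a server presenting an unexpected certificate leaves the client with no data path, and after success the key held by the access point matches the one the supplicant derived.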
WPA-PSK
WPA pre-shared keys combine some functions of the static and dynamic WEP key protocols. Each client and access point is configured with the same static passphrase. From the passphrase, TKIP keys are generated to encrypt data per session. The passphrase must be at least 27 characters to defend against dictionary attacks.
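As an added example, not code from the page, the following implements the standard WPA/WPA2 passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output) together with a policy check that applies the 27-character minimum stated above. The SSIDs, passphrases and the small weak-passphrase list are constructed sample data, except the "password"/"IEEE" pair in the usage note, which is the published test vector for this derivation.

```python
import hashlib
from typing import List

PBKDF2_ITERATIONS = 4096     # iteration count of the WPA passphrase-to-PSK mapping
PSK_LEN = 32                 # 256-bit pre-shared key
MIN_PASSPHRASE_LEN = 27      # policy minimum taken from the text

# Constructed sample blocklist; a real deployment would use a large wordlist.
COMMON_PASSPHRASES = {"password", "12345678", "letmein123", "changeme"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK that both clients and the AP compute from the passphrase.

    The SSID acts as the salt, so a precomputed table is only valid for one SSID,
    and the 4096 iterations make each dictionary guess cost 4096 HMAC-SHA1 calls.
    """
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PSK_LEN)


def passphrase_problems(passphrase: str, ssid: str) -> List[str]:
    """Policy check before a passphrase is deployed: length, reuse of the SSID, known-weak list."""
    problems = []
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        problems.append(f"shorter than {MIN_PASSPHRASE_LEN} characters")
    if passphrase.lower() in COMMON_PASSPHRASES:
        problems.append("appears in the weak-passphrase list")
    if ssid.lower() in passphrase.lower():
        problems.append("contains the SSID")
    return problems


if __name__ == "__main__":
    ssid = "OfficeNet"                                   # constructed sample SSID
    candidate = "constructed long passphrase nobody guesses"
    print(passphrase_problems(candidate, ssid) or "passphrase accepted")
    print(derive_psk(candidate, ssid).hex())
```

With passphrase "password" and SSID "IEEE", `derive_psk` yields the PSK f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e, and `passphrase_problems` rejects that passphrase on both length and the weak list.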
WPA2
WPA2 implements the WPA authentication methods with the Advanced Encryption Standard (AES). This encryption method is used in government implementations and elsewhere where the highest security requirements apply.
Application-level access code
SSG uses an access code at the application level. Clients cannot authenticate unless they know the access code. SSG is implemented in public places like hotels, where the customer pays for the password that grants network access.
VLAN assignment
As noted, companies use the access point SSID to identify logical wireless networks. The SSID on the access point is associated with a VLAN on the wired network, segmenting traffic by specific groups just as on a conventional wired network. For wireless deployments with multiple VLANs, configure 802.1Q or ISL trunking between the access point and the Ethernet switch.
Miscellaneous Settings
Turn off Microsoft file sharing
Implement anti-virus software and firewalls
Install the company's existing VPN client
Turn off automatic connection to wireless networks
Do not use Ad Hoc mode; it allows laptops to connect to unknown devices
Avoid signal leakage beyond the intended coverage area
Use transmit power control to set the minimum power needed
Anti Theft option
Some access points offer an anti-theft option with a security lock and cabling, intended for use in public places. This is an essential feature for public access point deployments where devices could be stolen, and it is one reason they are mounted in the ceiling.
Security attacks
• Wireless packet sniffers capture, decode and analyze the packets sent between the client computer and the AP. The aim is to decipher security information.
• Dictionary attacks try to recover the wireless network's key using a set list, or dictionary, with thousands of typical access codes. The attacker gathers information from the authentication process and tests each word in the dictionary against the password until a match is found.
• The mode assigned to each wireless client is security-relevant. Ad-hoc mode is the least secure option because there is no AP authentication: every computer on the ad-hoc network can send information to its neighbors. Select Infrastructure mode if available.
• IP spoofing is a common network attack that fakes or replaces the source IP address of each packet, so the network device believes it is communicating with an authorized computer.
• SNMP is sometimes a source of security compromise. Implement SNMP v3 with complex community strings.