Wireless Security Technology
Intruders find wireless networks relatively easy to break into. Issues can arise even in an organization that is running a wired-only network when a wireless laptop is plugged into it using an available Ethernet jack. In this scenario, an intruder could sit out in the parking lot, break in through the laptop's wireless card and gain access to the wired network. Thus, both network administrators and users must be aware of these risks and take protective measures.
New standards attempt to strengthen security barriers, and there are many technologies available to counteract wireless network intrusion. But no method is absolutely secure. The best strategy is to combine a number of security measures:
Organizations are increasingly relying on computer security specialists to help protect their network infrastructure. While some of their duties may overlap with those of a network administrator, it is a higher-level role because of their specialized training in assessing the requirements of, and security risks to, an organization's network infrastructure. They are also trained in designing, implementing and maintaining the network infrastructure to guard it against security breaches.
Two wireless data standards are commonly used by wireless networking hardware today: 802.11b and 802.11g.
802.11b operates in the 2.4GHz radio frequency range. Its maximum bandwidth is 11 Mbps, and its maximum effective range is about 105 feet. The 2.4GHz frequency range is quite narrow and offers a maximum of 11 channels, of which three are separate non-overlapping data channels. (These channels are 1, 6 and 11. For a more in-depth discussion of why only 3 channels should be used although our devices allow 11 channels, see the webpage Comparing 802.11a, b, and g: Channels and Interference.) Data channels are just like radio channels: you can only have so many in a frequency range. Unlike radio channels, however, more than one user can use a single channel.
The 802.11g standard is an upgrade to 802.11b. It also operates in the 2.4GHz radio frequency range. Its maximum bandwidth is 54 Mbps and the maximum range is about 175. The 802.11g standard is backwards compatible with its predecessor, 802.11b.
By default, a wireless network access point is open to anyone within range with the proper equipment. Thus, if your router or access point is configured to distribute IP addresses via DHCP, it will do so to anyone equipped with a wireless-enabled laptop or PDA. Older wireless routers/access points have two basic security methods: MAC address filtering and Wired Equivalent Privacy (WEP).
MAC address filtering consists of 2 modes: association and connection. Enabling association mode allows the client device to communicate only with other wireless devices on the network. It does not allow access to any device outside of the network, or to the Internet. Enabling connection mode gives the client device full communication privileges. WEP works by establishing a shared key between the clients and the wireless router/access point, then using it to encrypt and decrypt data passing between them. WEP is enabled on the wireless router/access point and on each client accessing it. A pass phrase must be entered identically on each system. Both MAC and WEP offer only very basic security, and the risks associated with their use are discussed in the webpage Wireless Networks in Big Trouble.
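The shared-key exchange described above, as an added example that is not part of the original page: a minimal Python model of WEP-40 framing, in which a 24-bit IV travels in the clear, RC4 is keyed with the IV followed by the shared key, and a CRC-32 integrity value is encrypted with the payload. The raw 5-byte keys stand in for whatever a vendor derives from the pass phrase, and every sample value is constructed.

```python
import os
import struct
import zlib
from typing import Optional

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(shared_key: bytes, payload: bytes,
                iv: Optional[bytes] = None, key_id: int = 0) -> bytes:
    """Frame body = IV (3 bytes, clear) | key-ID byte | RC4(IV+key, payload+ICV)."""
    iv = os.urandom(3) if iv is None else iv
    body = rc4(iv + shared_key, payload + icv(payload))
    return iv + bytes([key_id << 6]) + body

def wep_decrypt(shared_key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the payload, or None when the ICV does not verify (wrong key)."""
    iv, body = frame[:3], frame[4:]
    plain = rc4(iv + shared_key, body)
    payload, received_icv = plain[:-4], plain[-4:]
    return payload if icv(payload) == received_icv else None

if __name__ == "__main__":
    ap_key = bytes.fromhex("0102030405")        # constructed 40-bit shared key
    frame = wep_encrypt(ap_key, b"DHCP request from client")
    print("matching key  :", wep_decrypt(ap_key, frame))
    print("mismatched key:", wep_decrypt(bytes.fromhex("0102030406"), frame))
```

A client whose key differs by even one bit fails the integrity check and drops the frame, which is why the pass phrase must be entered identically on every system.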
Newer versions of wireless routers/access points make use of 2 additional security methods. The first is the Wireless Application Protocol (WAP), of which there are several variations. A router/access point may also support the Remote Authentication Dial In User Service (RADIUS), a protocol that works in conjunction with Network Operating Systems such as Windows, UNIX or Linux servers and is used for larger networks. (See www.freeradius.org for Unix-like operating systems and technet.microsoft.com for Windows.) RADIUS provides centralized authentication, authorization, and accounting for network access. Originally developed for dial-up access, RADIUS is supported by virtual private network (VPN) servers and network switches.
As we go through this module, MAC, WEP, WAP & RADIUS technologies will be presented to help you choose one of them depending on your needs and available resources.
The challenges of creating and maintaining a wireless home network pale in comparison with those of establishing the same in large office, metropolitan and campus settings. Security is the primary concern and limiting factor with implementation. Because of their mission of teaching and learning, colleges are a primary source of training for the technical workforce in computer and network security. They play an important role in cybersecurity. This module provides network security information for higher education broadband networks, explaining tools that should be used to prevent and/or detect threats to these networks. These tools, and the skills needed to use them, can be used to address WLAN security issues in educational, business, and government settings.