Network Security : Wireless Security Measures, Network Access Security, Methods Of User Authentication
5. Network Security
5.1 Given a scenario, implement appropriate wireless security measures.
WEP (Wired Equivalent Privacy) : A deprecated wireless
network security standard, less secure than WPA. Key
size is 64 bits. WEP aims to provide security by encrypting
data over radio waves so that it is protected as it
is transmitted from one endpoint to another. However,
it has been found that WEP is not very secure. WEP is
used at the two lowest layers of the OSI model - the
data link and physical layers; it therefore does not
offer end-to-end security.
WPA (Wi-Fi Protected Access) : A wireless encryption
standard created by the Wi-Fi Alliance to secure wireless
computer networks. WPA improves on the authentication
and encryption features of WEP (Wired Equivalent Privacy).
Key size is 128 bits. WPA provides stronger encryption
than WEP through use of either of two standard technologies:
Temporal Key Integrity Protocol (TKIP) and Advanced
Encryption Standard (AES). WPA also includes built-in
authentication support that WEP does not offer. WPA
provides comparable security to VPN tunneling with WEP,
with the benefit of easier administration and use.
WPA2 (Wi-Fi Protected Access Version 2) : A wireless
encryption protocol based on the IEEE 802.11i
technology standard for data encryption. Key size is
256 bits. It is more secure than WPA and WEP. WPA2 also
improves the security of Wi-Fi connections by requiring
use of stronger wireless encryption than what WPA requires.
Specifically, WPA2 does not allow use of an algorithm
called TKIP (Temporal Key Integrity Protocol) that has
known security holes (limitations) in the original WPA
implementation. There are two versions of WPA2: WPA2-Personal
and WPA2-Enterprise. WPA2-Personal protects against unauthorized
network access by utilizing a set-up password. WPA2-Enterprise
verifies network users through a server. WPA2 is backward
compatible with WPA.
MAC Filtering : Every Wi-Fi device is assigned a
MAC (Media Access Control) address, a unique 12-digit
hexadecimal identifier issued by the IEEE, the standards
body that developed the Wi-Fi protocol. The MAC address
is "hard-coded" into the device and sent automatically
to a Wi-Fi access point when the device tries to connect
to the network.
Using the access point configuration software, you
can create a safe list of allowed client devices or
a black list of banned devices. If MAC filtering is
activated, the AP only allows devices on the safe list
to connect, or blocks all devices on the black list,
irrespective of the encryption used.
Encryption protocols like WPA2 (Wi-Fi Protected Access
2) have reduced the necessity for using MAC filtering. Hackers
may get past MAC filtering by sniffing the addresses
of connected devices and then spoofing or masquerading
as one of them.
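The safe list / black list decision described above, as an added Python example (not code from this guide or from any access point vendor). The class and function names, the sample addresses and the session records are all constructed for illustration. It shows that the filter decides on the claimed address alone, and adds two checks a defender can run: flagging software-assigned addresses and flagging one address active on two access points at once.

```python
import re

# Constructed sample data for this example; not from any real network.
SAFE_LIST = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f"]
SESSIONS = [  # (claimed MAC, access point, start second, end second)
    ("00:1A:2B:3C:4D:5E", "ap-1", 100, 400),
    ("00-1a-2b-3c-4d-5e", "ap-2", 250, 300),  # overlaps the session above
    ("00:1A:2B:3C:4D:5F", "ap-1", 100, 200),
    ("00:1A:2B:3C:4D:5F", "ap-2", 200, 500),  # roamed, no overlap
]

def normalize_mac(text):
    """Return the 12 hex digits as aa:bb:cc:dd:ee:ff or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the U/L bit (0x02 in the first octet) marks the address as
    set in software rather than taken from an IEEE-assigned block."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

class MacFilter:
    def __init__(self, entries, mode="allow"):
        if mode not in ("allow", "deny"):
            raise ValueError("mode must be 'allow' or 'deny'")
        self.mode = mode
        self.entries = {normalize_mac(e) for e in entries}

    def permits(self, claimed_mac):
        """Decide on the claimed address alone, as a MAC filter does."""
        try:
            listed = normalize_mac(claimed_mac) in self.entries
        except ValueError:
            return False  # malformed input never matches; fail closed
        return listed if self.mode == "allow" else not listed

def concurrent_duplicates(sessions):
    """MACs active on two different APs at the same time (spoofing indicator)."""
    flagged = set()
    for i, (mac_a, ap_a, s_a, e_a) in enumerate(sessions):
        for mac_b, ap_b, s_b, e_b in sessions[i + 1:]:
            same = normalize_mac(mac_a) == normalize_mac(mac_b)
            if same and ap_a != ap_b and s_a < e_b and s_b < e_a:
                flagged.add(normalize_mac(mac_a))
    return sorted(flagged)
```

Because permits() sees only the address a client claims, any client presenting a safe-listed address is accepted, which is why the filter is paired with WPA2 rather than used in place of it.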
To enable MAC address filtering and to allow the
devices with matching MAC addresses, perform these steps
(these steps are generic in nature, and likely to change
from one device type to another):