Basic Wireless LAN Security
Although having a wireless LAN sounds like a wonderful idea, there are things that need to be implemented like security. A wireless LAN can be uncontrollable has it is just radio waves and anybody can receive them. Having and using good security practices can help you be under control of your wireless LAN. Not having any security in a wireless LAN environment will cause anybody to have access to the network. Some threats that lead to wireless LANs can be the following:
- War Drivers – These are people who "drive" around to find open networks that are not secure and looking for free internet access.
- Hackers – These types of people usually have malicious ideas in mind; this can be anything to entering unauthorized systems and stealing data or even harming the physical system.
- Employees –Although we may have an excellent defense on the outside of our network, we sometimes forget that the inside of our network needs to be secure as well.
In the original 802.11 standard there were two types of authentication:
- Open authentication, which as the name implies has no authentication and will allow anybody to use the network.
- Shared authentication, which used WEP and is now flawed, The WEP algorithm was weak and WEP was also not very scalable. (See post Cracking WEP)
Currently there are two enterprise-level encryption methods which are specified in the 802.11i and are certified as WPA and WPA2:
- TKIP is an encryption method certified has WPA, TKIP supports for legacy WLAN equipment by fixing the flaws with the original 802.11 WEP encryption. TKIP encrypts at the layer 2 (Data Link) payloads and carries a message of integrity check (Message Integrity Check) in the encrypted packet. This helps to make sure the message or packet was not tampered with.
- AES is an encryption method certified has WPA2, AES has the same functions as TKIP but does use additional data from the MAC header to recognize if the data has been tampered with.
Some steps to check when setting up a wireless LAN is the following:
- Check the wired network, like DHCP and Internet access before setting up a wireless access point.
- Next install the access point but by keeping it away from devices that could case greater interference .
- Configure the SSID on the access point. Don't put security on the access point yet.
- Configure or install one or two wireless clients. Don't put security on these devices yet.
- Verify wireless network operation within the clients. Check to make sure you can get access to network resources and outside the network.
- Configure wireless security. Such as WPA2 with PSK .
- Verify network operation again to make sure that the wireless clients can get access to network resources.
For now that's my summary for the basic wireless security, this really goes over the concepts but not the configuration. There are a lot of online guides that can go into the configuration aspect of the wireless client and the access point. Like always I hope this information was informative and if you come up with any other ideas that deal with either ICND1 or ICND2 let me know by posting a comment below.
- Does Your Small Business Need a Wireless LAN Controller? (blogs.cisco.com)
- Basic Wireless Concepts (ciscoskills.net)
- Securing Remote Locations in 3 Steps (blogs.cisco.com)
- Home Wi-Fi Security: 4 Steps to Avoid Trouble (pcworld.com)
- Advantages/Disadvantages: WEP/WPA Network Security (brighthub.com)
[...] Basic Wireless LAN Security (ciscoskills.net) [...]