New practices in wireless security: advanced security solutions will help protect both wired and wireless networks
Communications News, June, 2004 by Mitchell Ashley
Unlike external traffic entering a wired network that is policed by firewall and intrusion-prevention technologies, wireless LANs lack the equivalent physical control, exposing information assets to a greater level of risk. Of even more concern is the mobility of the devices connecting to wireless LANs and the increased exposure this introduces to the internal network.
The weak security of wired equivalent privacy (WEP) has been well documented. Network administrators frequently choose not to implement WEP's shared key technology so as not to give a false sense of security. Others choose to implement WEP simply to increase the work factor required to hack into the network.
Stronger security options for 802.11 WLAN networks (Wi-Fi) are now available, and others will be offered in the near future. The immediate cure to WEP's ailments is Wi-Fi protected access (WPA), which offers two configuration options, one targeted at home users and smaller networks, and the second designed for larger networks.
WPA preshared key (WPA-PSK) is best suited for small businesses and home wireless networks. A shared key, or password, is configured in the wireless access point (WAP) and any wireless laptop or desktop devices. WPA-PSK generates a unique key for each session between a wireless client and the associated WAP. The unique key used in the client-to-access-point communications makes reverse engineering of the preshared key more difficult for would-be attackers.
WPA-PSK uses more advanced security techniques to encrypt and monitor the message stream. While WPA-PSK still uses the RC4 encryption standard used in WEP, it implements temporal key integrity protocol (TKIP), which provides per-packet key mixing, a message integrity check and a re-keying mechanism. TKIP's algorithms and message-integrity checking techniques prevent the unwanted decryption of and tampering with packets in the wireless message stream.
One pitfall of WPA-PSK is that the preshared key is subject to dictionary attacks (guessing of commonly used passwords). Good password-management techniques, such as long passwords and the mixing of alphanumeric characters and punctuation marks, are required to help reduce the chance of a successful attack.
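The following is an added example, not part of the original article: a passphrase audit built on the standard WPA-PSK key mapping (PBKDF2-HMAC-SHA1 with the SSID as salt), which is why both the passphrase quality discussed above and a non-default SSID matter. The word list, the default-SSID list and the 20-character threshold are constructed assumptions for illustration.

```python
import hashlib
import string

# Constructed sample of weak passphrases; a real audit would load a larger local list.
COMMON = {"password", "12345678", "letmein1", "wireless", "internet"}
# SSIDs treated here as factory defaults (constructed examples).
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR"}
MIN_LENGTH = 20  # assumed policy threshold for this example, not a value from the article


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit(passphrase: str, ssid: str) -> list:
    """Return findings for a passphrase/SSID pair; an empty list means none were found."""
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("passphrase is on the common-password list")
    if len(passphrase) < MIN_LENGTH:
        findings.append("passphrase shorter than %d characters" % MIN_LENGTH)
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    if sum(any(c in cls for c in passphrase) for cls in classes) < 3:
        findings.append("fewer than three character classes")
    if ssid in DEFAULT_SSIDS:
        findings.append("default SSID: the key salt is shared with every unit using it")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived key differs because the SSID is the salt.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "x7q-annex").hex())
    print(audit("password", "linksys"))
```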
RADIUS FOR LARGER NETWORKS
Larger networks can use WPA 802.1X/EAP, or Radius, for implementing WPA security. While more complicated to set up than WPA-PSK, this method can leverage an existing network and directory infrastructure to require a unique user ID and password for each wireless user connecting to the WLAN.
Rather than relying on a predefined shared key, WPA 802.1X/EAP employs a user ID and password to authenticate each wireless device when it associates with a WAP. The credentials supplied are validated against a Radius server or a directory server (such as Windows Active Directory) supporting the Radius protocol.
Once the device is authenticated, WPA 802.1X produces a unique master key for that wireless device's session. TKIP is then used to distribute this key to the client. The same encryption and message-integrity checking implemented in WPA-PSK is used from this point forward.
Additional wireless security options will be offered through the 802.11i standards efforts. 802.11i will include implementation of TKIP, as well as advanced encryption standards (AES). The stronger encryption offered by AES will require WAP hardware upgrades due to the CPU-intensive nature of AES.
Microsoft is also doing its part to support WPA in Windows XP. The upgrade is free to Windows XP users and can be installed simply through Windows Update. The Windows WPA patch is also beneficial in that, prior to connection, it identifies to the end user any WAPs that do not use adequate security settings.
Most WAPs now ship with WPA options or can be easily upgraded in a matter of minutes over the Internet. If you use a WAP that does not support WPA, either upgrade it immediately or switch to equipment that does. Reconfigure all of your access points at work and at home to use WPA. There is no longer any reason to be using WEP, or even worse, no security settings at all.
SECURITY RECOMMENDATIONS
A word to the wise, though: most WAPs still ship with no security enabled, so be sure to configure the security settings on all WAPs. Additional WAP security recommendations are:
* Change the administrator password using good password-management techniques.
* Change the default service set identifier (SSID) to a non-descriptive SSID, using the same good password-management techniques.
* Disable broadcasting the SSID.
* Limit the broadcasting range to the coverage area that is actually needed.
* Enable the onboard firewall if you are using a combination router/WAP in home and small office situations.
* Do not enable remote management of the WAP unless the device has been adequately secured.
WPA, however, is not the final answer to security. The most recent wave of worms, Trojans and viruses demonstrates how vulnerable even wired network defenses are to attacks against devices behind the firewall. Many of these attacks take advantage of normal activities end-users perform, such as opening zipped attachments, clicking on links or running executables disguised as security patches.
