CompTIA® Network+ Exam Notes : Securing Basic Wireless Network

4. Network Security

4.3 Securing basic wireless network

The ISM band channels allocated for WiFi use are shown in the diagram below. Note that the channels 1,6, and 11 are non-overlapping.

ISM band channels allocated for WiFi

In "ad-hoc" or Independent Basic Service Set (IBSS) configuration there is no backbone infrastructure. An IBSS is one BSS or Basic Service Set. Mobiles can talk to each other without the use of an Access Point (AP). In the Extended Service Set (ESS) configuration, there will be two or more Access Points (APs), and users can freely roam between the Access Points without any disconnection or reconfiguration. BSS will use only one Access Point.

SSID (short for service set identifier): It is a 32- character unique identifier attached to the header of packets when a host connects to a Wireless LAN. The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. An SSID is also referred to as a network name because essentially it is a name that identifies a wireless network.

WEP (Wired Equivalent Protection): is a security standard for 802.11 WAP networks. WEP key length should be at least 40 bits long. Wireless networks broadcast messages using radio, and therefore more susceptible to eavesdropping than wired networks. WEP was intended to provide confidentiality comparable to that of a traditional wired network. WEP is 802.11's optional encryption standard implemented in the MAC Layer that most radio network interface card (NIC) and access point vendors support. If a user activates WEP, the NIC encrypts the payload (frame body and CRC) of each 802.11 frame before transmission using an RC4 stream cipher provided by RSA Security. The receiving station, such as an access point or another radio NIC, performs decryption upon arrival of the frame. Note that, 802.11 WEP only encrypts data between 802.11 stations. Once the frame enters the wired side of the network, such as between access points, WEP no longer applies.

WEP encryption: It allows an attacker using readily available software to crack the key within minutes. WEP encryption uses a shared key authentication and sends the same key with data packets being transmitted across the wireless network. If malicious users have enough time and gather enough data they can eventually piece together their own key. Another disadvantage to using WEP encryption is that if the master key needs to be changed, it will have to be manually changed on all devices connected to the network. This can be a tedious task if you have many devices connected to your network.

Wi-Fi Protected Access (WPA and WPA2): is a class of systems to secure wireless (Wi-Fi) computer networks. WPA is forward compatible with the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared.

802.11i includes dynamic key exchange, stronger encryption, and user authentication. It is not backward compatible with WPA. The 802.11i standard is widely known as WPA2. Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i

The key features of the WPA protocol are given below:

1. It supports both static and dynamic key distribution

2. It provides Device Authentication, as well as User Authentication.

3. It uses TKIP (Temporal Key Integrity Protocol) encryption for dynamic key exchange. Note that WPA2 uses AES encryption where as WPA uses TKIP. AES encryption is a stronger encryption protocol.

4. WPA is forward compatible with WPA2.

images/pin-icon.png

1. WEP uses RC4 stream encryption

2. WPA uses TKIP Encryption.

3. WPA2 uses AES-CCMP Encryption

4. WAP allows a mobile user to connect to a wired network.

5. WAP is extensively used to access the Internet using wireless technologies.

Hotspot: A hotspot is any location where Wi-Fi network access (usually Internet access) is made publicly available. You can often find hotspots in airports, hotels, coffee shops, and other places where business people tend to congregate.

Previous   Contents   Next


Network+ Cram Notes Contents certexams.com ad