Wireless Networks: Security


Wireless home networks let you use your computer from virtually anywhere in the house, connect to other computers on the network, and access the Internet. Security is a very important aspect of wireless networks, since anyone who can connect to our network could use our services and even read the information our machine exchanges with other hosts or the Internet. If the wireless network is not secure, the risks are very significant. Someone who connects to it could:

  • Intercept the data you send or receive
  • Access your shared files
  • Hijack your Internet connection and use all the bandwidth or download limit

Internet Safety Tips to Protect Your Wireless Network

Here are a few simple steps you can take to protect your wireless network and routers:
WEP with shared key
It is the simplest authentication scheme but also very insecure. With WEP (Wired Equivalent Privacy), the network has a set of keys that each user must know in order to connect. The keys can be 40 or 104 bits long and are combined with a 24-bit initialization vector (a pseudo-random value), giving 64 bits in the first case and 128 bits in the second.
Connecting a client to a WEP-protected network requires the following steps:
1.    The client tells the AP that it wants to authenticate.
2.    The AP responds by sending the client a challenge in plain text. A challenge is a random string of characters used to make sure that the other party knows the password without sending it.
3.    The client takes one of the WEP keys it knows for the network, encrypts the challenge with it, and sends it back to the AP.
4.    The AP checks the encrypted text that it received, and if it matches the one it calculated (encrypting the same challenge with the same key), it authenticates the client.
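The four steps above as an added Python example (not code from the original post). It models only the exchange: frame headers and the integrity check value are left out, the 128-byte challenge length follows 802.11, and the function names and the 40-bit sample key are constructed for illustration.

```python
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Seed RC4 with the 24-bit IV followed by the 40- or 104-bit key."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("WEP needs a 3-byte IV and a 5- or 13-byte key")
    return rc4(iv + wep_key, plaintext)

def ap_challenge() -> bytes:
    """Step 2: the AP sends a random challenge in plain text."""
    return os.urandom(128)

def client_response(wep_key: bytes, challenge: bytes):
    """Step 3: the client encrypts the challenge; the IV travels in the clear."""
    iv = os.urandom(3)
    return iv, wep_encrypt(wep_key, iv, challenge)

def ap_verify(wep_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Step 4: the AP encrypts the same challenge itself and compares."""
    return hmac.compare_digest(wep_encrypt(wep_key, iv, challenge), response)

def handshake(ap_key: bytes, client_key: bytes) -> bool:
    challenge = ap_challenge()
    iv, response = client_response(client_key, challenge)
    return ap_verify(ap_key, challenge, iv, response)

NETWORK_KEY = bytes.fromhex("0102030405")   # constructed 40-bit sample key
if __name__ == "__main__":
    print("right key:", handshake(NETWORK_KEY, NETWORK_KEY))
    print("wrong key:", handshake(NETWORK_KEY, bytes.fromhex("0504030201")))
```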
Authentication and encryption
WEP only provides a weak form of authentication and does not encrypt traffic on the wireless network. There are, then, other stronger authentication methods that also provide encryption for the exchanged packets. We can mention two technologies in this section: WPA and WPA2.
WPA and WPA2 
WPA (Wireless Protected Access) is an important improvement over WEP, as it uses dynamic keys to encrypt traffic on the network and also uses TKIP, which is a stronger authentication algorithm. However, TKIP is only an improvement over RC4, which is WEP's encryption algorithm; thus it still shares several of the problems of WEP, although to a lesser degree. WPA can use AES, which is a very secure algorithm but requires hardware support, which is why it is optional with WPA. The difference with WPA2 is that the latter does not support TKIP, thus forcing the use of AES.
WPA and WPA2 can use two authentication modes. They are:
  • Enterprise: A RADIUS server is used for authentication.
  • Personal: The shared key scheme is used, which, although it gives less security, is easier to configure and is usually used for a small network or a home.

Other security considerations
There are several more actions that can be taken to protect a network. The most common are:
  • MAC filtering: A list is made of the MAC addresses of the devices that are allowed to connect to the network, and the AP rejects any equipment whose MAC is not on the list.
  • Hide SSID: As we have seen, the SSID is the name of the network. When it is hidden, the network, although present, is not listed among the networks available to connect to. For this reason, in order to connect to a hidden network, the client must expressly give its SSID.
  • Deactivate DHCP: With DHCP deactivated, a client that has been able to connect to the network must still know the subnet used in it to be able to use the services.

It is worth clarifying that the previous methods only add some weak layers of security, effective for a user without much knowledge but totally useless to stop a person who spends only a few hours reading on the subject.



A security measure that is totally independent of all the above has to do with the type of service to be provided on the wireless network and what access its clients should have to the wired network. Suppose you have a company with a corporate network in which access to various services is provided, such as shared files. If the information is sensitive, it is highly recommended that it be accessible only through the wired network and not through the wireless network.
A different subnet is then normally defined for wired and wireless networks, with different services in each of them. Usually, a firewall is configured in front of the wireless network that allows, for example, only web traffic. In this way, the Internet can be provided to mobile devices, but if they need to access the corporate network, they must connect with a cable. These types of measures are highly recommended since, even if someone manages to associate with the wireless network despite all the security implemented, they will not be able to access the company's services.
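A model of the firewall policy just described, as an added Python example (not from the original post). The subnets, addresses and function names are constructed assumptions, and name resolution is assumed to be served by the router itself. It also shows why the rule that blocks the wired subnet has to come before the rule that allows web traffic.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the post).
WIRELESS = ipaddress.ip_network("192.168.50.0/24")
WIRED = ipaddress.ip_network("10.10.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source net, destination net, protocol or None, destination ports or None)
# The first matching rule wins; traffic that matches no rule is dropped.
RULES = [
    ("drop", WIRELESS, WIRED, None, None),         # wireless never reaches the wired subnet
    ("accept", WIRELESS, ANY, "tcp", {80, 443}),   # web traffic only
]

def decide(src, dst, proto, dport, rules=RULES):
    """Return 'accept' or 'drop' for one connection attempt."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_proto, ports in rules:
        if src_ip not in src_net or dst_ip not in dst_net:
            continue
        if rule_proto is not None and rule_proto != proto:
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "drop"                                  # default deny

if __name__ == "__main__":
    phone = "192.168.50.23"                        # constructed wireless client
    attempts = [
        ("203.0.113.10", "tcp", 443),              # web site on the Internet
        ("203.0.113.10", "tcp", 22),               # non-web traffic
        ("10.10.1.5", "tcp", 445),                 # corporate file share
        ("10.10.1.5", "tcp", 443),                 # web service on the wired subnet
    ]
    for dst, proto, port in attempts:
        print(dst, proto, port, decide(phone, dst, proto, port))
    # With the two rules swapped, the intranet web service becomes reachable.
    print("misordered:", decide(phone, "10.10.1.5", "tcp", 443, rules=RULES[::-1]))
```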