- How to Secure Your Wireless Network
Securing Your Wireless Network
Encryption scrambles the information you send over the internet into a code so
Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP).
Your computer, router, and other equipment must use the same encryption.
WPA2 is strongest
Secure Your Computer and Router
Use anti-virus and anti-spyware software, and a firewall
Change the name of your router from the default.
The name of your router (often called the service set identifier or SSID) is likely to be a standard
Change the name to something unique that only you know.
Change your router's pre-set password. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router
Limit Access to Your Network
Allow only specific computers to access your wireless network.
Wireless routers usually have a mechanism to allow only devices with particular MAC addresses to access the network.
Some hackers have mimicked MAC addresses
Turn off your wireless network when you know you won't use it.
Don’t Assume That Public Wi-Fi Networks Are Secure
Be cautious about the information you access or send from a public wireless network.
Many
These "hot spots" are convenient, but they may not be secure.
You can be confident a hotspot is secure only if it asks you to provide a WPA password. If you're not sure, treat the network as if it were unsecured.
Protect Yourself When Using Public Wi-Fi
When using a Wi-Fi hotspot, only log in or send personal information to websites
Don’t stay permanently signed in
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access
If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN)
Installing browser add-ons or plug-ins can help, too.
For example, Force-TLS and HTTPS-Everywhere are free Firefox
http://www.onguardonline.gov/articles/0013-securing-your-wireless-network
- SSID - Service Set Identifier
An SSID is the name of a wireless local area network (WLAN).
All wireless devices on a WLAN must
A network administrator often uses a public SSID, that
Some newer wireless access points disable the automatic SSID broadcast feature
Also Known As: Service Set Identifier, Network Name
http://compnetworking.
- How to Secure Your Wireless Network
The first line of defense for your Wi-Fi network is
Make sure you change the default network name and password on your router
The firewall built into your router prevents hackers on the Internet from getting access to your PC
For extra protection,
How can I secure my notebook at public Wi-Fi hotspots?
Verify that
Never send bank passwords, credit card numbers, confidential e-mail, or other sensitive data unless you're sure you're on a secure site
The best way to protect a public wireless link is by using a virtual private network, or VPN.
VPNs keep your communications safe by creating secure "tunnels" through which your encrypted data travels.
Many companies provide VPN service to their mobile and offsite workers,
http://www.pcworld.com/article/130330/article.html
- Wireless Encryption - WEP, WPA, WPA2
WEP.
Each encrypted packet has a 24-bit initialization vector, which unfortunately is sent in plaintext.
WPA
It is an interim solution that is used now until 802.11i comes out.
http://www.ezlan.net/wpa_wep.html
- WPA
Implements the majority of IEEE 802.11i
TKIP vs. AES-based CCMP
Defines the algorithm used for message integrity and confidentiality.
WPA was designed to be used with TKIP (and WPA2 was designed to use the stronger AES-based CCMP).
WPA2, aka 802.11i
Fully conforms with 802.11i as it implements all mandatory features.
EAP options
Authentication options for 802.11i
AES-based CCMP
WPA2 mandates AES-based CCMP for message integrity and confidentiality.
TKIP (weaker) is optional.
WEP
WEP was supposed to provide confidentiality, but has been found to be vulnerable and should no longer be used.
https://learningnetwork.cisco.com/thread/11207
- wpa2 vs wpa2/wpa mixed mode
In mixed mode you can connect with WPA/TKIP and WPA2/AES
TKIP is not as secure as AES. Use AES only if possible.
When to use mixed mode?
Some older wireless clients are WPA/TKIP only, which may leave you no choice but to use mixed mode.
802.11n only supports AES for speeds higher than 54 Mbit/s
WPA and WPA2 mixed mode operation permits the coexistence of WPA and WPA2 clients on a common SSID
WPA2 is the next generation of Wi-Fi security
Wi-Fi Alliance's interoperable implementation of the ratified IEEE 802.11i standard.
It implements Advanced Encryption Standard (AES) encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
http://community.linksys.com/t5/Wireless-Routers/wpa2-security-vs-wpa2-wpa-mixed-mode/td-p/469610
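The mixed-mode trade-off above can be checked mechanically on an access point that uses a hostapd-style configuration. The following is an added example, not code from any of the linked sources: it flags WEP keys, WPA (version 1) and TKIP in a configuration file. The two sample configurations and the SSID are constructed, and the fallback of rsn_pairwise to wpa_pairwise is treated as an assumption about hostapd's behaviour.

```python
# Added example; SAMPLE_* are constructed hostapd-style configs, not from a real device.
SAMPLE_MIXED = """\
ssid=example-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""
SAMPLE_WPA2_ONLY = """\
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings; an empty list means WPA2 only with an explicit non-TKIP cipher."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if any(k.startswith("wep_key") for k in conf):
        findings.append("WEP key configured: WEP should no longer be used")
    if wpa == 0:
        findings.append("neither WPA nor WPA2 enabled: network is open or WEP")
    if wpa & 1:
        findings.append("WPA (version 1) enabled: mixed mode admits WPA/TKIP clients")
    wpa_ciphers = conf.get("wpa_pairwise", "").split()
    # Assumption: when rsn_pairwise is absent, hostapd falls back to wpa_pairwise.
    rsn_ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split()
    if wpa & 1 and "TKIP" in wpa_ciphers:
        findings.append("TKIP offered to WPA clients")
    if wpa & 2 and ("TKIP" in rsn_ciphers or not rsn_ciphers):
        findings.append("WPA2 ciphers include TKIP or are unset: set rsn_pairwise=CCMP")
    return findings

if __name__ == "__main__":
    for name, sample in (("mixed", SAMPLE_MIXED), ("wpa2-only", SAMPLE_WPA2_ONLY)):
        print(name, audit(sample))
```

An empty result for the WPA2-only sample and two findings for the mixed-mode sample show what moving off mixed mode removes: WPA version 1 and the TKIP cipher it brings with it.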
- WPA2 vs WPA for Wireless Security
newer version of Wireless Protected Access (WPA) security and access control technology for Wi-Fi wireless networking
It is designed to improve the security of Wi-Fi connections by requiring use of stronger wireless encryption than what WPA requires
WPA2 does not allow use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes
http://compnetworking.about.com/b/2010/01/06/wpa2-vs-wpa-for-wireless-security.htm
WPA vs WPA2 (802.11i)
How your Choice Affects your Wireless Network Security
WPA still relies on the RC4 encryption algorithm and TKIP (Temporal Key Integrity Protocol)
the new 802.11i standard, also known as WPA2 by the WiFi Alliance.
What is 802.11i?
802.11i uses the concept of a Robust Security Network (RSN).
802.11i allows for various network implementations and can use TKIP, but by default RSN uses AES (Advanced Encryption Standard) and CCMP (Counter Mode CBC MAC Protocol) and it is this which provides for a stronger, scalable solution.
What is AES/CCMP?
Advanced Encryption Standard (AES) is the cipher system used by RSN.
It is the equivalent of the RC4 algorithm used by WPA.
However the encryption mechanism is much more complex and does not suffer from the problems associated with WEP.
AES is a block cipher, operating on blocks of data 128 bits long
CCMP is the security protocol used by AES.
It is the equivalent of TKIP in WPA
http://www.openxtra.co.uk/articles/wpa-vs-80211i#ixzz2MfcPtrdb
- Wardriving
Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).
http://en.wikipedia.org/wiki/Wardriving
- Originally the Authentication and Privacy mechanisms for Wi-Fi were very weak. The standard
had a simple option to provide encryption called Wired Equivalent Privacy WEP. WEP used a
key to encrypt traffic using the RC4 keystream. However, someone could compromise WEP
fairly quickly if they had the right tools and a reasonably powerful machine
Wi-Fi Protected Access WPA.
It added extra security features, but retained the RC4 algorithm, which made it easy for users to
upgrade their older devices. However, it still didn’t solve the fundamental security problem
new standard, based on the Advanced Encryption Standard AES, algorithm from the National
Institute of Standards and Technology NIST, was also introduced as Wi-Fi Protected Access 2
WPA2
new enterprise-grade authentication
was added to the technology, creating two flavors of each security style. The personal level of
security continued to use a Shared passphrase for network authentication and key exchange.
The enterprise level of security used 802.1x authentication mechanisms, similar to those used
on wired networks, to authenticate users and set up encryption. However, poorly chosen or
weak passphrases could still leave networks vulnerable
Released in 2018, Wi-Fi Protected Access 3 (WPA3) introduced a new, more secure handshake
for making connections, an easier method for adding devices to the network, increased key
sizes, and other security features
https://training.fortinet.com/pluginfile.php/1624883/mod_scorm/content/1/story_content/external_files/NSE%202%20WiFi%20Script_EN.pdf