What about security for WLAN? Today wireless networks are at least as secure as wired ones. You only have to use the right tools and configurations.

Physical security is the most important part of security. If you do not have physical access to a network, you cannot use it. If you cannot plug in a cable, you do not have a network. This is the situation in the wired world.

The biggest security problem in any type of wireless network is the lack of physical security.

The 802.11 standards use authentication as a replacement for physical security. The problem is that the application uses WEP as encryption.

WEP (Wired Equivalent Privacy) has never deserved its name. It does not take more than 2 minutes, with cracking tools, to break WEP.

The first WEP versions used a 64-bit shared key: 40 bits are for a shared secret and 24 bits are for the IV (initialization vector). The IV is used so that the receiver can decrypt the frame.

The next improvement on the first WEP key was the 128-bit shared WEP key. With that WEP version, 104 bits are used for the shared key and 24 for the initialization vector.

In 2004 the IEEE proposed a new version of WEP, WEP2. It uses the same RC4 algorithm with a 128-bit initialization vector. WEP2 has not significantly improved security. It only increases the time needed for cracking.

The next step in wireless security is WPA (Wi-Fi Protected Access).

What is WPA encryption? In October 2003 the Wi-Fi Alliance launched Wi-Fi Protected Access (WPA), the next generation in WLAN security. Wi-Fi Protected Access does not require a hardware upgrade in 802.11 equipment. Only a software and firmware upgrade is needed, and it causes minimal degradation in network performance.

WPA was designed as an answer to all WEP weaknesses. It uses the Temporal Key Integrity Protocol (TKIP) with a Message Integrity Check (MIC). It also has a mutual pre-shared key (PSK) authentication scheme using 802.1X/EAP.

The Wi-Fi Alliance launched WPA2 in September 2004. It is a certified interoperable version of WPA. Besides PSK 802.1X/EAP authentication, WPA2 uses an advanced encryption mechanism. This new mechanism is the Counter-Mode/CBC-MAC Protocol (CCMP), called Advanced Encryption Standard (AES).

WPA and WPA2 have 2 certification modes:

1. Enterprise
2. Personal

You have 4 different versions of Wi-Fi CERTIFIED devices:

1) WPA-Personal
2) WPA2-Personal
3) WPA-Enterprise
4) WPA2-Enterprise

Personal Mode is designed for the home and office (SOHO) environment. You do not need an authentication server (RADIUS or IAS). It uses a manually entered PSK (pre-shared key or pass-phrase). The security level of your wireless network is based on this PSK, so use a mix of letters, numbers and non-alphanumerical characters.

Personal mode uses the same methods of encryption as Enterprise: per-user, per-session, per-packet encryption with TKIP (WPA) or AES (WPA2).

Enterprise Mode operates in managed mode with authentication servers (RADIUS or IAS). With this mode you can meet the rigorous requirements of enterprise security.

Most access points and wireless routers have the option of MAC filtering. With MAC filtering, you can restrict access to the stations that you have entered in the MAC filtering list.

The main key to wireless security is to put up as many obstacles as you can. If you simultaneously use WEP, WPA and MAC filtering, and if you use an IPsec tunnel and SSH, then your wireless network is as secure as if it were wired.
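How Personal mode turns the manually entered pass-phrase into key material, together with a check for the pass-phrase advice given above, as an added example that is not part of the original article. The PBKDF2 parameters (HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output) and the 8 to 63 printable-ASCII limit come from IEEE 802.11i; the function names and sample values are constructed for illustration.

```python
import hashlib


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the pass-phrase passes."""
    problems = []
    # Format limits for a WPA/WPA2-Personal pass-phrase (IEEE 802.11i).
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("only printable ASCII characters are allowed")
    # The article's advice: mix letters, numbers and non-alphanumerical characters.
    if not any(c.isalpha() for c in passphrase):
        problems.append("no letters")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no numbers")
    if all(c.isalnum() for c in passphrase):
        problems.append("no non-alphanumerical characters")
    return problems


def derive_pmk(passphrase, ssid):
    """Derive the 256-bit key that WPA/WPA2-Personal computes from the PSK.

    The SSID is the salt, so the same pass-phrase yields a different key on
    every network name; the key's strength still rests on the pass-phrase.
    """
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("not a valid WPA pass-phrase (8-63 printable ASCII)")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    # Constructed sample values: a weak and a stronger pass-phrase.
    for candidate in ("password", "c0ffee-Table!42 lamp"):
        issues = check_passphrase(candidate)
        print(repr(candidate), "->", issues or "ok")
    # Same pass-phrase, two constructed SSIDs: the derived keys differ.
    print(derive_pmk("c0ffee-Table!42 lamp", "HomeNet").hex())
    print(derive_pmk("c0ffee-Table!42 lamp", "OfficeNet").hex())
```

Both the access point and each station run the same derivation, which is why no authentication server is needed in Personal mode.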