What about security for WLAN? Today wireless networks are at least as secure as wired ones. You only have to use the right tools and configurations.

Physical security is the most important part of security. If you do not have physical access to a network, you cannot use it. If you cannot plug in a cable, you do not have a network. This is the situation in the wired world.

The biggest security problem in any type of wireless network is the lack of physical security.

The 802.11 standards use authentication as a replacement for physical security. The problem is that the application uses WEP as encryption.

WEP - Wired Equivalent Privacy has never deserved its name. It does not take more than 2 minutes, with cracking tools, to break WEP.

The first WEP versions used a 64-bit shared key. 40 bits are for a shared secret and 24 bits are for the IV (initialization vector). The IV is used so that the receiver can decrypt the frame.

The next improvement on the first WEP key was the 128-bit shared WEP key. With that WEP version, 104 bits are used for the shared key and 24 for the initialization vector.

In 2004 the IEEE proposed a new version of WEP - WEP2. It uses the same RC4 algorithm with a 128-bit initialization vector. WEP2 has not significantly improved security. It only increases the time needed for cracking.

The next step in wireless security is WPA - Wi-Fi Protected Access.

What is WPA encryption? In October 2003 the Wi-Fi Alliance launched Wi-Fi Protected Access - WPA, the next generation in WLAN security. Wi-Fi Protected Access does not require a hardware upgrade in 802.11 equipment.

Only a software and firmware upgrade is needed, and it causes minimal degradation in network performance.

WPA was designed as an answer to all WEP weaknesses. It uses the Temporal Key Integrity Protocol (TKIP) with a Message Integrity Check (MIC). It also has a mutual pre-shared key (PSK) authentication scheme using 802.1X EAP.

The Wi-Fi Alliance launched WPA2 in September 2004. It is a certified interoperable version of WPA. Besides PSK and 802.1X/EAP authentication, WPA2 uses an advanced encryption mechanism.

This new mechanism is the Counter-Mode/CBC-MAC Protocol (CCMP), called Advanced Encryption Standard (AES).

WPA and WPA2 have 2 certification modes.

1. Enterprise

2. Personal

You have 4 different versions of Wi-Fi CERTIFIED devices:

1) WPA-Personal

2) WPA2-Personal

3) WPA-Enterprise

4) WPA2-Enterprise

Personal Mode is designed for home and office (SOHO) environments. You do not need an authentication server (Radius or IAS).

It uses a manually entered PSK (pre-shared key or pass-phrase). The security level of your wireless network is based on this PSK.

So, use a mix of letters, numbers and non-alphanumerical characters.

Personal mode uses the same methods of encryption as Enterprise: per-user, per-session, per-packet encryption with TKIP (WEP) or AES (WEP2).

Enterprise Mode operates in managed mode with authentication servers (Radius or IAS). With this mode you can meet the rigorous requirements of enterprise security.

Most access points and wireless routers have a MAC filtering option. With MAC filtering, you can restrict access to the stations that you have entered in the MAC filtering list.

The main key to wireless security is to put up as many obstacles as you can. If you simultaneously use WEP, WPA, MAC filtering, and if you use an IPsec tunnel and SSH, then your wireless network is as secure as if it were wired.
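The Personal-mode advice above can be checked in code. This is an added example, not part of the original article: it derives the 256-bit key the way WPA/WPA2-Personal does (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, per IEEE 802.11i) and reports how much of the article's "letters, numbers and non-alphanumerical characters" mix a pass-phrase uses. The function names and the search-space estimate are assumptions made for this illustration.

```python
import hashlib
import math
import string

# Alphabet sizes per character class; 95 printable ASCII characters in total.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

def validate_passphrase(passphrase: str) -> None:
    """WPA/WPA2-Personal pass-phrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass-phrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass-phrase must be printable ASCII")

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK. The SSID is the salt, so the same
    pass-phrase yields a different key on a differently named network."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def char_classes(passphrase: str) -> set:
    """Which of the four character classes the pass-phrase draws from."""
    classes = set()
    for c in passphrase:
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort in bits, assuming (hypothetically)
    that every character was picked at random from the classes in use.
    Dictionary words are far weaker than this bound suggests."""
    validate_passphrase(passphrase)
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(passphrase))
    return len(passphrase) * math.log2(alphabet)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real network.
    for phrase in ("password", "Tr1cky-Pass!"):
        print(phrase, sorted(char_classes(phrase)),
              round(search_space_bits(phrase), 1), "bits max,",
              "PSK", derive_psk(phrase, "HomeNet").hex()[:16] + "...")
```

A pass-phrase that uses all four classes widens the per-character alphabet from 26 to 95 symbols, but length contributes more: each extra character adds the full per-character bit count.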