Wireless security - is the prevention ofunauthorized access or damage to computers usingwireless networks.The most common types of wireless security are:Wired Equivalent Privacy (WEP) - is one ofthe least secure forms of security.Wi-Fi Protected Access (WPA) - was a quickalternative to improve security over WEP.
The threat situationWireless security is just an aspect of computer security,however organizations may be particularly vulnerable tosecurity breaches caused by rogue access points. The mobility advantageIts very important that enterprises define effectivewireless security policies that guard againstunauthorized access to important resources. WirelessIntrusion Prevention Systems (WIPS) or WirelessIntrusion Detection Systems (WIDS) are commonly usedto enforce wireless security policies.
Modes of unauthorized access: Accidental association Malicious association Ad-hoc networks Non-traditional network Identity theft (MAC spoofing) Man-in-the-middle attacks Denial of service Network injection Caffe Latte attack
Wireless intrusion prevention conceptsThere are three principal ways to secure a wireless network:1. For closed networks (like home users and organizations) the most common way is to configure access restrictions in the access points.2. For commercial providers, hotspots, and large organizations, the preferred solution is often to have an open and unencrypted, but completely isolated wireless network.3. Wireless networks are less secure than wired ones; in many offices intruders can easily visit and hook up their own computer to the wired network without problems, gaining access to the network, and its also often possible for remote intruders to gain access to the network through backdoors like Back Orifice.
A wireless intrusion preventionsystem (WIPS)- is a concept for the most robust way tocounteract wireless security risks. Howeversuch WIPS does not exist as a ready designedsolution to implement as a software package. AWIPS is typically implemented as an overlay toan existing Wireless LAN infrastructure,although it may be deployed standalone toenforce no-wireless policies within anorganization.
Mobile devicesSecurity within mobile devices fall underthree categories:1. Protecting against ad-hoc networks2. Connecting to rogue access points3. Mutual authentication schemes such as WPA2 as described above
Implementing network encryptionServer software required is a enterpriseauthentication server such as RADIUS, ADS,NDS, or LDAP.Software includes: Cisco Secure Access Control Software Microsoft Internet Authentication Service Meetinghouse Data EAGIS Funk Software Steel Belted RADIUS (Odyssey) freeRADIUS (open-source) SkyFriendz (free cloud solution based onfreeRADIUS)
Client software comes built-in with WindowsXP and may be integrated into other OSsusing any of following software:• Intel PROSet/Wireless Software• Cisco ACU-client• Odyssey client• AEGIS-client Xsupplicant (open1X)-project
Open access pointsAccording to the advocates of Open Access Points, itshouldnt involve any significant risks to open up wirelessnetworks for the public: a) The wireless network is after all confined to a small geographical area. b) The only way to keep communication truly secure is to use end-to-end encryption c) If services like file shares, access to printers etc. are available on the local net, it is advisable to have authentication (i.e. by password) for accessing it.
a) With the most popular encryption algorithms today, a sniffer will usually be able to compute the network key in a few minutes.b) It is very common to pay a fixed monthly fee for the Internet connection, and not for the traffic - thus extra traffic will not be detrimental.c) Where Internet connections are plentiful and cheap, freeloaders will seldom be a prominent nuisance.