The document discusses wireless network security and methods to prevent unauthorized access. It describes common types of wireless encryption like WEP and WPA and risks from rogue access points. Effective wireless security policies and systems like WIPS are important to enforce policies and prevent intrusion. Potential modes of unauthorized network access are also outlined, as well as security measures, mobile device security categories, and methods for implementing network encryption using authentication servers and client software. Open access points are also discussed, with arguments for and against allowing public access to wireless networks.

2. Wireless security - is the prevention of
unauthorized access or damage to computers using
wireless networks.
The most common types of wireless security are:
Wired Equivalent Privacy (WEP) - is one of
the least secure forms of security.
Wi-Fi Protected Access (WPA) - was a quick
alternative to improve security over WEP.

3. The threat situation
Wireless security is just an aspect of computer security,
however organizations may be particularly vulnerable to
security breaches caused by rogue access points.
The mobility advantage
It's very important that enterprises define effective
wireless security policies that guard against
unauthorized access to important resources. Wireless
Intrusion Prevention Systems (WIPS) or Wireless
Intrusion Detection Systems (WIDS) are commonly used
to enforce wireless security policies.

4. Modes of unauthorized access:
 Accidental association
 Malicious association
 Ad-hoc networks
 Non-traditional network
 Identity theft (MAC spoofing)
 Man-in-the-middle attacks
 Denial of service
 Network injection
 Caffe Latte attack

5. Wireless intrusion prevention concepts
There are three principal ways to secure a wireless network:
1. For closed networks (like home users and organizations) the
most common way is to configure access restrictions in the
access points.
2. For commercial providers, hotspots, and large organizations,
the preferred solution is often to have an open and
unencrypted, but completely isolated wireless network.
3. Wireless networks are less secure than wired ones; in many
offices intruders can easily visit and hook up their own
computer to the wired network without problems, gaining
access to the network, and it's also often possible for remote
intruders to gain access to the network through backdoors like
Back Orifice.

6. A wireless intrusion prevention
system (WIPS)
- is a concept for the most robust way to
counteract wireless security risks. However
such WIPS does not exist as a ready designed
solution to implement as a software package. A
WIPS is typically implemented as an overlay to
an existing Wireless LAN infrastructure,
although it may be deployed standalone to
enforce no-wireless policies within an
organization.

7. Security measures
 Temporal Key Integrity Protocol
 Extensible Authentication Protocol
 Lightweight Extensible Authentication Protocol
 Lightweight Extensible Authentication Protocol
 Restricted access networks
 WLAN Authentication and Privacy Infrastructure
 Smart cards, USB tokens, and software tokens
 HIDE SSID
 RF shielding
 MAC ID filtering
 WPAv2
 Static IP addressing
 802.11i security
 802.11 security
 End-to-end encryption
 Regular WEP
 WPAv1

8. Mobile devices
Security within mobile devices fall under
three categories:
1. Protecting against ad-hoc networks
2. Connecting to rogue access points
3. Mutual authentication schemes such as
WPA2 as described above

9. Implementing network encryption
Server software required is a enterprise
authentication server such as RADIUS, ADS,
NDS, or LDAP.
Software includes:
 Cisco Secure Access Control Software
 Microsoft Internet Authentication Service
 Meetinghouse Data EAGIS
 Funk Software Steel Belted RADIUS (Odyssey)
freeRADIUS (open-source)
 SkyFriendz (free cloud solution based on
freeRADIUS)

10. Client software comes built-in with Windows
XP and may be integrated into other OS's
using any of following software:
• Intel PROSet/Wireless Software
• Cisco ACU-client
• Odyssey client
• AEGIS-client Xsupplicant (open1X)-project

11. Open access points
According to the advocates of Open Access Points, it
shouldn't involve any significant risks to open up wireless
networks for the public:
a) The wireless network is after all confined to a
small geographical area.
b) The only way to keep communication truly secure
is to use end-to-end encryption
c) If services like file shares, access to printers etc.
are available on the local net, it is advisable to
have authentication (i.e. by password) for
accessing it.

12. a) With the most popular encryption algorithms
today, a sniffer will usually be able to compute
the network key in a few minutes.
b) It is very common to pay a fixed monthly fee
for the Internet connection, and not for the
traffic - thus extra traffic will not be
detrimental.
c) Where Internet connections are plentiful and
cheap, freeloaders will seldom be a prominent
nuisance.

13. Prepared by:
MARYNOL D. CAHINDE