Because traffic in wireless networks travels over radio waves, an attacker can easily monitor and attack data without being physically connected to the network. Attackers can gain access to an unprotected wireless network simply by being within range of it. A technician must know how to configure wireless access points and network interface cards (NICs) to the appropriate level of security.
When installing the wireless service, you must apply wireless security techniques immediately to prevent unwanted access to the network as shown in Figure 1. Wireless access points must be configured with basic security settings that are compatible with existing network security.
An attacker can access data as it is transmitted over radio signals. A wireless encryption system can be used to prevent unwanted capture and use of data by encoding the information transmitted. Both ends of each link must use the same encryption standard. Figure 2 shows the levels of security described here:
Wired Equivalent Privacy (WEP) - The first-generation security standard for wireless. Attackers quickly discovered that WEP encryption is easy to break. The encryption key used to encrypt the messages can be detected by a monitoring program. After the key is obtained, messages can be easily decoded.
Wi-Fi Protected Access (WPA) - An improved version of WEP. It was created as a temporary solution until 802.11i (a security layer for wireless systems) was fully implemented. Now that 802.11i has been ratified, WPA2 has been released. It covers the entire 802.11i standard.
Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco - a wireless security protocol created by Cisco to overcome the weaknesses of WEP and WPA. LEAP is a good choice when using Cisco equipment in conjunction with operating systems such as Windows and Linux.
Wireless Transport Layer Security (WTLS) - A security layer used in mobile devices that use the Wireless Application Protocol (WAP). Mobile devices do not have a lot of spare bandwidth to devote to security protocols. WTLS is designed to provide security for WAP devices in a bandwidth-efficient manner.
Keeping Wireless Secure
Wireless networks are increasingly found today, especially in cafes, shopping malls, restaurants, schools, colleges and other public places. This is because they provide access without the use of cables and are very easy to install. Wireless uses radio waves, so it is very easy to hack. Here are a few ways to secure a wireless network that I found from a blogger friend named Maya Ihara; read on:
1. Using Encryption.
Encryption is the first line of security, but many wireless access points (APs) still do not use encryption by default. Although many APs have the Wired Equivalent Privacy (WEP) protocol, it is not enabled by default. WEP does have some holes in its security, and an experienced hacker can definitely break it, but it is still better than no encryption at all. Be sure to set the WEP authentication method to "shared key" instead of "open system". With "open system", the AP does not perform data encryption, but only authenticates the client. Change the WEP key as often as possible, and use 128-bit WEP; avoid using 40-bit.
2. Use Strong Encryption.
Because of the weaknesses in WEP, it is recommended to use Wi-Fi Protected Access (WPA) as well. To use WPA, the AP must support it. The client side must also support WPA. However, nowadays almost all access points and users/clients support WPA.
3. Change the Default Administrator Password.
Most manufacturers use the same administrative password for all of their AP products. The default password is generally known to hackers, who can later use it to alter the settings on your AP. The first thing that must be done when configuring the AP is to change the default password. Use at least 8 characters, a combination of letters, function and numbers, and do not use words found in the dictionary.
4. Turn off SSID Broadcasting.
The Service Set Identifier (SSID) is the name of our wireless network. By default, the AP broadcasts its SSID. This makes it easy for users to find your network, because the SSID appears in the list of available networks on the wireless client. If SSID broadcasting is turned off, users must first know the SSID to connect to the network.
5. Turn off the AP When Not Used.
This one looks very simple and trivial, but a few companies or individuals do not do it. If we have users who only connect at certain times, there is no reason to run the wireless network all the time and give an intruder an opportunity to carry out his evil intentions. We can turn off the access point when it is not in use.
6. Change the Default SSID.
The factory provides a default SSID. The purpose of turning off SSID broadcasting is to prevent other people from knowing the name of our network, but if you still use the default SSID, it will not be difficult to guess the SSID of our network.
7. Using MAC Filtering.
Most APs allow us to use a Media Access Control (MAC) filter. This means that we can create a "white list" of computers that may access our wireless network, based on the MAC or physical address of the network card in each PC or laptop. Connections from a MAC that is not in the list will be rejected. This method is not always safe, because it is still possible for a hacker to sniff the packets that we transmit over the wireless network, obtain a valid MAC address from one of the users, and then use it to spoof that user. But MAC filtering will create considerable difficulties for an intruder who is not yet very skilled.
8. Isolating the Wireless LAN.
To protect the internal wired network from threats coming from the wireless network, a wireless DMZ (Demilitarized Zone) or perimeter network that is isolated from the LAN needs to be created. That is, install a firewall between the wireless network and the LAN. A wireless client that needs access to the internal network must first authenticate with a RAS server or use a VPN. This provides an extra layer of protection.
9. Controlling Wireless Signal.
802.11b WAPs emit a signal up to about 300 feet. This distance can be extended by replacing the antenna with a better one. By using a high-gain antenna, we can get more distance. A directional antenna transmits the signal in a particular direction, and its radiation is not circular as with the omnidirectional antennas usually found in a standard AP package. By selecting the appropriate antenna, we can control the distance and direction of the signal to protect ourselves from intruders. In addition, some APs have settings for signal strength and direction through the WAP configuration.
10. Radiating waves at different frequencies.
One way to hide from hackers, who often use the more popular 802.11b/g technologies, is to use 802.11a. Because 802.11a works on a different frequency (i.e. 5 GHz), NICs designed to work with the popular technologies will not be able to catch the signal. But, of course, you will experience a decline in the quality of the data transmission speed of your wireless network.
Methods for Securing Wireless Networks
Here are the hotspot security features, in the order in which they were implemented as standards in Wi-Fi networks:
WEP (Wired Equivalent Privacy)
This is the security feature for wireless / hotspot networks that was implemented first and used as an international standard. Almost all wireless devices support this method. WEP uses the RC4 encryption method to scramble / encrypt the data that passes over the wireless network.
WPA (Wi-Fi Protected Access)
WPA is based on the IEEE 802.11i standard. WPA has 2 versions; version 1 supports several encryption methods, namely:
- TKIP (Temporal Key Integrity Protocol)
- WPA was developed as an enhancement of WEP that can be applied to 802.11 hardware through a firmware update. It is part of 802.11i.
- AES-CCMP
- WPA Enterprise uses Radius-based authentication with 802.1x standards
- WPA Personal uses a PSK (Pre-Shared Key) to encrypt data, with a passphrase of 8 to 63 characters. A key of 64 hexadecimal characters can also be used. A weak passphrase can be broken using a dictionary attack (password database). But WPA is still safe when used with a "good" passphrase or with 64 hexadecimal characters that are not easy for a person to remember.
- WPA + EAP (Extensible Authentication Protocol)
- There are many variants of WPA + EAP, e.g. EAP-MD5, PEAPv0, PEAPv1, EAP-MSCHAPv2, LEAP, EAP-FAST, EAP-TLS, EAP-TTLS, MSCHAPv2, EAP-SIM, LEAP, PEAP, EAP-TLS.
- LEAP (Lightweight Extensible Authentication Protocol) is more secure than EAP-MD5; EAP-MD5 is not yet safe from crackers.
- PEAP (Protected Extensible Authentication Protocol) enables a secure wireless path for exchanging data, passwords and encryption keys without the need for a server certificate anymore. PEAP was developed by Cisco, Microsoft and RSA Security.
- EAP-TLS provides excellent security with two-way authentication. The client and the network authenticate using certificates and a per-session WEP key. EAP also uses a centralized authentication server.
WPA v2 is the Wi-Fi Alliance's version of the final 802.11i standard. Both WPA and WPA2 support EAP authentication using a Radius server and PSK (Pre-Shared Key).
All of these security systems have their own weaknesses and strengths, which can be tolerated in some situations but not in others. So, of all the security features above, which one is suitable for me? It all depends on how important security is for your wireless network.
If it is very important, then apply the most secure system available today, namely WPA + EAP using Radius, specifically EAP-TLS. The answer is of course different when wireless security is not too important. If so, you can use the WEP or WPA Personal method.
And of course, to make it harder for crackers to hack or break in, use a complicated passphrase that does not form a sentence. If possible, on WPA use 64 hexadecimal characters.
Of course, this does not mean the network cannot be penetrated, but it makes it harder for a cracker to break into your wireless network. Wireless networks are usually penetrated easily because of the weak passphrase used. With a weak passphrase in use, a high school kid equipped with WEP / WPA cracking software, a laptop, a wireless device and a 15 dBi antenna can penetrate the wireless network in a matter of minutes.
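The two WPA Personal key formats described above (a passphrase of 8 to 63 characters, or 64 hexadecimal characters) both end up as the same 256-bit key. The following is an added example, not part of the original post: it checks which format a key is in, derives the key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt) as IEEE 802.11i specifies, and generates a random 64-hex key. The function names are hypothetical and the sample values are the passphrase/SSID pair from the standard's published test vector.

```python
import hashlib
import secrets
import string


def classify_wpa_key(key: str) -> str:
    """Return 'hex-psk' or 'passphrase'; raise ValueError for an invalid key."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "hex-psk"
    # A passphrase is 8..63 printable ASCII characters.
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"
    raise ValueError("WPA key must be 8-63 printable ASCII chars or 64 hex digits")


def derive_psk(key: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key that the AP and the client both use."""
    if classify_wpa_key(key) == "hex-psk":
        # 64 hex digits are the key itself; no derivation step is involved.
        return bytes.fromhex(key)
    # Passphrase: PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32 bytes.
    return hashlib.pbkdf2_hmac(
        "sha1", key.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def generate_hex_psk() -> str:
    """Generate a random 64-hex-digit key from the operating system's CSPRNG."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Sample values: passphrase and SSID from the IEEE 802.11i test vector.
    sample_passphrase, sample_ssid = "password", "IEEE"
    print(classify_wpa_key(sample_passphrase))
    print(derive_psk(sample_passphrase, sample_ssid).hex())
    # Same passphrase, different SSID: a different key.
    print(derive_psk(sample_passphrase, "another-ssid").hex())
    # A random 256-bit key in the 64-hex format.
    new_key = generate_hex_psk()
    print(classify_wpa_key(new_key), new_key)
```

Because the SSID is the only salt, the same passphrase on a factory-default SSID produces the same key on every network that shares that SSID, which is one more reason to change the default SSID.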
Well, the conclusion is as follows:
- Use the security features that are available in your wireless hardware. The more expensive the hardware, the more complete its security features. You get what you pay for.
- Use a passphrase that is not easy to guess, or use the full 64 hexadecimal characters for the WPA key.
- Wherever possible, use and enable the WPA features.
- If possible, apply WPA security using EAP and a Radius server.
- More advanced still, use HTTPS web login + Radius, like the 802.1x systems in large enterprises. For web login, you can use one of the services that indohotspot.net provides at low cost without requiring a server investment. We provide the server and the software, and you just use a wireless router that supports the DD-WRT Standard version. Implementing a reliable security system in your wireless network therefore does not need to be expensive.
- Educate your users about the wireless network security system, and store any usernames and passwords carefully to prevent user credentials from leaking.
Those are some ways to secure your wireless network / hotspot, suitable for use anywhere, whether the wireless network is for schools, offices, cafes, hospitals, hotels, apartments, and more.