A few years ago deploying a secure wireless network was a real challenge. The closest thing to a standard you could hope to use was some sort of dynamically keyed WEP scheme. If that wasn’t enough (and it probably wasn’t), then you had to go to a totally proprietary solution. These solutions offered much higher levels of protection, but at the price of total vendor dependence and a dubious upgrade path to standards compliance.

Today things are much easier; the proliferation of WPA support across all modern wireless devices and operating systems makes deploying a secure wireless network straightforward. Home users can simply use WPA-PSK, while businesses and other large organizations can use a RADIUS server and get strong, upgradeable authentication with dynamic key generation.

This chapter covers details of the various authentication and encryption schemes possible on 802.11 networks. Many aspects of WEP and its various band-aid solutions are covered. If you are securing a network with WPA, you can safely ignore all the perils and information associated with WEP and move straight into the section on WPA.

Techniques to secure your network that do not make use of WEP and WPA are also covered. These include higher-level authentication schemes, VPNs, and wireless intrusion detection systems.

Direct 802.11 Defenses
This section covers generic defenses that apply to all 802.11 configurations. Do not, however, assume techniques in this section provide security on their own. These are small tweaks that make finding or attacking a wireless network a little more difficult. These techniques will not prevent an attacker from breaking into your network, but at least they let outsiders know they aren’t welcome.

Read more »

All is not bleak, however. With the advent of many wireless attack methods, means to counter the attacks and reduce exposure are also available. The evolution of wireless security continues in a cycle IT professionals will recognize from wired network security-a game of cat and mouse. As new weaknesses are found in wireless networks and protocols, new methods and designs are put into place to address them.

One of the first efforts at securing 802.11 networks was WEP. The use of RC4 with 40-bit keys was considered sufficient. However, a flaw in the specification regarding the data fed into the RC4 algorithm was found that allowed attackers to derive the secret key used to protect traffic. In order to address that issue, WPA was created.

As of this writing, WPA2 is now available for 802.11X networks. Lessons learned from attacks against WEP and WPA, both practical and theoretical, have been applied in the design of WPA2. Other security mechanisms are being developed or have been deployed for various wireless protocols.

Increases in Wireless Security Mechanisms
Frequency hopping, a technique once used primarily by the military, is now used in many wireless networking protocols to make intercepting transmissions difficult. Specially designed antennas are used to reduce the area where radio transmissions can be received. Cryptographically strong hashing and encryption algorithms are being analyzed and implemented at multiple layers of the networking stack. These measures provide a defense in depth-the compromise of a single security mechanism still leaves in place other protection mechanisms to offset the risk. This strategy prevents new exploits and attacks from gaining complete access to sensitive networks. The extra redundancy and layers can provide sufficient time for IT administrators to test and deploy emergency security fixes when a vulnerability is discovered in the network.

Read more »

By: Sam Ellis

With all of the different home security system services out there, it can be hard to tell if you should have a wireless home security system, hardwired system, or a gadget that has been newly placed on the market. The goal is to stay one step ahead of any potential predators while keeping an affordable means of home security and choosing from masses of options. Recently, the best in home security has seemed to be the wireless home security system. Protecting your home from potential harm is a priority, but when you purchase a wireless home security system, you should know that there is more to the system than just the name.

The wireless home security system is primarily chosen because of its neat appearance and lack of wires. It is convenient to every abode in every situation. However, which system you choose will depend on how much security you need and what your budget entails. The best in home security wireless systems, and the most frequently used are the wireless security cameras, the wireless alarms, and the wireless motion detector syste

The cameras are a small and practical way to monitor your home security without an alarm. The cameras can be used for surveillance and the leaders in home security typically make them such as Ademco, DSC, and GE. They can be used to monitor children while playing as well as catching a common thief. These cameras have the option to record so that you may check the tapes later using a simple VCR or they can broadcast live. The wireless security cameras are generally considered the best in home security and when they are combined with other wireless devices, they are found to be almost foolproof.

Read more »

Many people go to the trouble of setting up a wireless home network but don’t secure it. This means any neighbour or passer-by in the street with a wireless laptop can find and access your home network. If you’re feeling generous you can leave it unsecured for your neighbours to use. But if you’re using a broadband service with usage limits, letting others gain access means that you may reach your monthly limit more quickly. More importantly, an unsecured network makes it easier for hackers to access your computer.

There are five simple steps to get basic security on your wireless home network:

Buy a Router with a Built-in Firewall
A firewall monitors traffic flowing from the Internet to your home network. Check the product specifications of your router to see if it has a built-in firewall. Alternatively you can install a firewall on each of the computers in your home network.

Change the SSID
Your router will have its own default name (SSID). Hackers know what default manufacturer settings are, so you need to change the SSID to prevent them gaining access.

Disable the SSID Broadcast
An SSID broadcast sends a signal to nearby computers to tell them you have a wireless network, so it is important to switch it off to keep your network hidden.

Change Your Router’s User Name and Password
On your router set-up page it will also have a default user name and password. Hackers know the default user names and passwords.

Enable WEP Security
WEP stands for Wired Equivalent Privacy and you can ask Windows XP to automatically turn it on. It encrypts your wireless broadband signal to prevent anyone snooping on it.

Wireless network devices typically install a monitor application that will report on link speed and integrity. This is true for wireless laptops and also for desktop systems with wireless NICs (network interface cards). To check the security of your wireless connection, locate the monitor applet, you can usually find it as an icon in your System Tray. Open the monitor and view your link information. For example, the Linksys Wireless Network Monitor 4.5, which installs with a Wireless-G PCI (Peripheral Component Interconnect) adapter card, can report many details about the link, including the transfer rate and channel in use. You can also see whether security features are enabled or disabled.

There are some cases in which wireless security is very important. For example, you should implement wireless security if you are sending sensitive or personally identifiable information across the network or if you are readily within range of other wireless users and want to prevent them from using your wireless bandwidth.

All of the things I have mentioned so far are basic security measures that apply whether you are at home, at work, or connecting to a public wireless network while browsing books at Starbuck Coffee. Now let’s take a look at some extra things you need to do or consider when connecting to a hotspot.

Verify Your Hotspot Connection
To begin with, you need to make sure you are connecting to a hotspot and not a malicious rogue access point. When you are connecting to a public wireless network, it will broadcast the SSID, or network name, along with other information your wireless adapter needs to know in order to connect. It is very easy though for an attacker to set up a rogue access point and use the same or similar SSID as the hotspot.They can then create a replica of the hotspot login Web site to lure users into giving up their usernames and passwords or possibly even get credit card numbers and other such information from users who think they are registering for access on the real site.

You should make sure that the location you are at even has a hotspot to begin with. Don’t think that just because you happen to be at a coffee shop and a wireless network is available that it must be a free wireless hotspot.

If you are at a confirmed hotspot location and more than one SSID appears for your wireless adapter to connect to, you need to make sure you connect to the right one. Some attackers will set up rogue access points with similar SSIDs to lure unsuspecting users into connecting and entering their login or credit card information.

Read more »

Public wireless networks, often referred to as hotspots, are springing up all over. Many chains such as Starbucks Coffee, Borders Books, and McDonalds’ have started adding wireless network access to their establishments through services providers. Major hotel chains have gone from no access to dial-up access to broadband access, and now many are offering wireless network access. Many airports and college campuses have wireless networks as well. It seems like every week someplace new pops up where you can surf the Web while you’re out and about.

It is perilous enough jumping onto the Internet using your own network in the comfort of your home, but sharing an unknown network and not knowing if the network or the other computers are secure adds some new concerns. Some of the things you must do to use a public wireless network securely are just simple rules of computer security no matter what network you’re connecting to, while others are unique to accessing a public wireless network.

Install Up-to-Date Antivirus Software
For starters, you should make sure you have antivirus software installed and that it is up-to-date.You don’t know what, if any, protection the network perimeter offers against malware or exploits, or whether or not the other computers on the network with you are trying to propagate some malware. You also need to make sure that your operating system and applications are patched against known vulnerabilities to help protect you from attack.

Install a Personal Firewall
Your computer should have personal firewall software installed. Again, you have no way of knowing offhand if the network you are joining is protected by any sort of firewall or perimeter security at all. Even if it is, you need the personal firewall to protect you not only from external attacks, but also from attacks that may come from the other computers sharing the network with you.

Read more »