Wireless Network Security
The availability of equipment and the ease of setting it up are making wireless local area networks increasingly popular. Even small companies are trying to keep pace with the times and get rid of traditional cable networks. The use of wireless networks is not confined to small-office and home systems: large firms also use Wi-Fi to connect to corporate network resources in places where laying cables is technically impossible.
However, the decision to deploy a wireless network is not always justified, especially since in many cases the security of such networks is given too little attention. According to experts, nearly 70 percent of successful hacker attacks on wireless networks are associated with improper configuration of access points and client software, and with security set too low while the signal is strong enough to easily "break through" the office walls.
For some inexplicable reason, those who set up wireless networks often assume that an adequate level of security is ensured automatically when the network is switched on. Manufacturers, in turn, ship equipment with low security settings by default, or with security disabled altogether, so that clients do not unexpectedly find themselves unable to connect when the network is deployed. With minimal security settings, equipment is most compatible with a wide range of other devices and with virtually any modern software. After setting up the network and testing it for compatibility with the existing infrastructure, the system administrator then changes the security settings to prevent unauthorized entry into the corporate network.
Unlike wired networks, wireless networks call for increased attention to security, because they are much easier to get into: no physical access to the channel is needed. The radio signal can be received by any compatible device, and if the data is not protected, anyone will be able to intercept it. Of course, passwords and other traditional means of authentication should not be abandoned, but they are obviously not enough to protect against unauthorized access. Let us briefly consider several ways to improve the security of wireless networks.
Disable SSID transmission
The SSID (Service Set Identifier) is a sequence of numbers and letters that serves as the unique identifier of your wireless network. Broadcasting of the network ID is enabled by default on most equipment sold today, and it makes it easy to discover available access points while the network is being deployed. SSID transmission is required to ensure that your equipment is able to connect to the network.
Access points, which are the base stations that connect computers to the network, are a potential weak spot through which an attacker could penetrate the network. At the access point level there is no authentication system by default, which leaves the internal network unprotected, so system administrators should extend the existing corporate authentication systems to the wireless base stations.
To increase security, you can prohibit access points from broadcasting the network ID. Then only those who know the correct SSID, that is, the employees of your company, can connect to the network, and occasional users who find networks by scanning simply will not be able to access it. Disabling SSID transmission is possible on the devices of the vast majority of leading manufacturers, which effectively lets you hide your network from outsiders. If your network does not transmit its ID, and if you do not advertise that you use wireless technology, this will complicate the task for intruders. Detailed instructions for disabling SSID broadcast are usually given in the user guides for wireless access points or routers.
Turn on encryption
Encryption, long used for sending important e-mail, has also been applied in wireless networks. To protect your data from prying eyes, wireless communication equipment implements various cryptographic algorithms. When buying equipment, it is important to make sure that it supports not only low-level 40-bit encryption but also the more resistant 128-bit cipher.
Encryption can be enabled using either WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access). The first system is less resistant because it uses static (permanent) keys. Hackers break networks protected by this protocol easily, and the utilities for doing so are easy to find on the Internet. Nevertheless, according to experts, even this protocol is not used in more than half of corporate wireless networks. One way of improving the effectiveness of WEP is to change the keys automatically on a regular basis, but even then the network does not receive absolute protection. Such a network will deter only random people who happen to find it; WEP will not stop a professional, so this protocol cannot be used for the full protection of corporate networks.
Until recently, those setting up wireless networks had no choice but to use WEP. Support for it remains in modern devices, both to ensure equipment compatibility and to provide a minimum level of security when more sophisticated protocols cannot be used. Today, WEP is implemented in two versions: with 64-bit and with 128-bit encryption. However, it would be more correct to speak of key lengths of 40 and 104 bits, since 24 bits of each key contain service information and do not affect the strength of the cipher. This is not so important, though, because the main drawback of WEP is its static keys: to find them, an attacker only needs to scan the network for some time, intercepting the transmitted information.
To reiterate, a more or less acceptable level of security can be achieved only by changing keys regularly and using 128-bit encryption. How often keys are changed depends on the frequency and duration of connections, and a secure procedure must be worked out for transferring new keys to those employees who have access to the wireless network.
Better encryption is provided by the WPA protocol, which creates keys dynamically, excluding the possibility of intercepting or guessing a key, and which also provides user identification (login and password) when connecting to the network via EAP (Extensible Authentication Protocol). In WPA, 128-bit keys are generated automatically for every ten kilobytes of data transferred, and the number of possible keys reaches hundreds of billions, which makes it virtually impossible to find a key by scanning, even with a well-honed technique for intercepting information. In addition, the protocol implements a MIC (Message Integrity Check) algorithm that prevents malicious changes to the data. But the choice of passwords deserves special attention: according to experts, to ensure a high level of security the password must be at least 20 characters long, and it should not be a word or a set of words, because such passwords are easily revealed by dictionary guessing.
The problem with WPA is that it was formally introduced into the IEEE 802.11 specification only in mid-2004, so not all wireless equipment released more than a year and a half ago is able to work with this standard. Moreover, if the network has at least one device that does not support WPA, simple WEP encryption will be applied, even if WPA is enabled in the settings of all the other equipment.
Nevertheless, equipment is constantly improving, and today it supports a new, more secure version, WPA2, which works with dynamic keys of 128, 192 and 256 bits. One example of such equipment is the Intel PRO/Wireless 2915ABG controller.
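The settings discussed in the two sections above can be checked mechanically. The following Python script is an added example, not part of the original article: it audits an access point configuration for SSID broadcast, static WEP keys, missing WPA/WPA2, and passphrases shorter than 20 characters or containing dictionary words. It assumes the configuration uses hostapd.conf syntax (the article names no specific product); the sample configurations and the word list are constructed for illustration.

```python
import re

# Constructed samples in hostapd.conf syntax (assumption: the AP runs hostapd).
SAMPLE_WEAK = """\
ssid=office-net
ignore_broadcast_ssid=0
wep_default_key=0
wep_key0=0123456789
"""
SAMPLE_HARDENED = """\
ssid=office-net
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=q7!Lx2#vRm9@Zt4&Kd8$Wb
"""
# Tiny constructed word list; a real audit would load a full dictionary.
COMMON_WORDS = {"password", "office", "wireless", "network", "company", "admin"}

def parse(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings for the settings the article discusses."""
    conf, findings = parse(text), []
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid-broadcast: SSID is broadcast in beacons")
    if any(k.startswith("wep_key") for k in conf):
        findings.append("wep: static WEP key configured")
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        findings.append("no-wpa: WPA/WPA2 is not enabled")
    elif not wpa & 2:
        findings.append("wpa1-only: WPA2 is not enabled")
    phrase = conf.get("wpa_passphrase")
    if phrase is not None:
        if len(phrase) < 20:
            findings.append("passphrase-short: fewer than 20 characters")
        words = re.findall(r"[a-z]+", phrase.lower())
        if any(w in COMMON_WORDS for w in words):
            findings.append("passphrase-words: contains a dictionary word")
    return findings
```

Calling `audit(SAMPLE_WEAK)` reports the broadcast SSID, the static WEP key and the missing WPA setting, while `audit(SAMPLE_HARDENED)` returns an empty list.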
Regulate signal strength and direction
Wireless technology is inherently less protected from outside interference, so when setting up such networks it is especially important to obstruct unauthorized entry into them. Among purely technical measures, the most effective is to reduce the power of the broadcast signal, because radio waves easily pass through the walls of buildings, and in rural areas can travel very long distances over flat terrain. An attacker could park his car near the building where your office is located and, in comfort, take his time picking the key to your network. It is important to adjust the output signal so that it does not extend beyond the border of your territory. In addition, the access point should be positioned away from windows, outside walls, common corridors, hallways and stairs.
Wireless networks are a very convenient tool for rapid deployment, allowing computers to be joined to a network even in places where, for one reason or another, cable cannot be laid. However, since an unprotected wireless network is easier to hack than a wired one, greater attention should be paid to protecting it against outside penetration. Obviously, absolute security cannot be guaranteed, but we have described in this article some effective ways of making unauthorized access to wireless networks more difficult. More detailed instructions on how to implement these methods in practice are usually given in the documentation for the network equipment, so we did not set ourselves the goal of describing the specific actions, especially since they differ depending on the model and manufacturer of wireless access points and routers. We hope that this article will draw attention to the problem of protecting wireless networks.