WLAN security

WLAN SECURITY????

Why wlan security??????

Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security issues. Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks. As a result, it's very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources. Wireless Intrusion Prevention Systems (WIPS) or Wireless Intrusion Detection Systems (WIDS) are commonly used to enforce wireless security policies.

The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Crackers had not yet had time to latch on to the new technology and wireless was not commonly found in the work place. However, there are a great number of security risks associated with the current wireless protocols and encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level. Cracking methods have become much more sophisticated and innovative with wireless. Cracking has also become much easier and more accessible with easy-to-use Windows or Linux-based tools being made available on the web at no charge. Some organizations that have no wireless access points installed do not feel that they need to address wireless security concerns. In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers that were planned to be purchased in 2005 were equipped with wireless. Issues can arise in a supposedly non-wireless organization when a wireless laptop is plugged into the corporate network. A cracker could sit out in the parking lot and gather info from it through laptops and/or other devices as handhelds, or even break in through this wireless card-equipped laptop and gain access to the wired network.

YES that's why we need it! 

Not only our privacy is at risk but also our valuable data such as credit card numbers, passwords and even our data can be illegally accessed. Now we wouldn't want a thief to take away our hard earned valuable money right under our nose would we?

That's is not the end:

That's not the end what does that mean, it means that as an admin you have failed to provide the required security which you were entrusted with! SHAME SHAME SHAME!!

So what can I do to secure my WLAN???

Well we can use the various security measures that are provided by the hardware vendor; normally every reputed hardware vendor will provide you the best in class security but there be's  some exception. Some vendor may even provide you with their specific security features of course they will charge you extra for their "SPECIAL" services. Following security features that I will discuss now is universal and can be found in every hardware u purchase unless you go very cheap and buy some very fake hardware:

• WEP
• WPA PSK
• WP2 PSK

Wired Equivalent Privacy (WEP) is an easily broken security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by the key of 10 or 26 hexadecimal digits, was at one time widely in use and was often the first security choice presented to users by router configuration tools.
Although its name implies that it is as secure as a wired connection, WEP has been demonstrated to have numerous flaws and has been deprecated in favour of newer standards such as WPA2. In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104 "have been deprecated as they fail to meet their security goals"

WEP was included as the privacy component of the original IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity. It was deprecated in 2004 and is documented in the current standard.

Basic WEP encryption: RC4 keystream XORed with plaintext

Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key. At the time that the original WEP standard was drafted, the U.S. Government's export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, manufacturers of access points implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).

A 64-bit WEP key is usually entered as a string of 10 hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits, 10 digits of four bits each gives 40 bits; adding the 24-bit IV produces the complete 64-bit WEP key. Most devices also allow the user to enter the key as five ASCII characters, each of which is turned into eight bits using the character's byte value in ASCII; however, this restricts each byte to be a printable ASCII character, which is only a small fraction of possible byte values, greatly reducing the space of possible keys.

A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters. Twenty-six digits of four bits each gives 104 bits; adding the 24-bit IV produces the complete 128-bit WEP key. Most devices also allow the user to enter it as 13 ASCII characters.

A 256-bit WEP system is available from some vendors. As with the other WEP-variants 24 bits of that is for the IV, leaving 232 bits for actual protection. These 232 bits are typically entered as 58 hexadecimal characters. ((58 × 4 bits =) 232 bits) + 24 IV bits = 256-bit WEP key.

What are WPA-PSK and WPA2-PSK?

There are two forms of encryption available when using Network Director, Wi-Fi Protected Access (WPA) and the newer WPA2. PSK can be used with either encryption method:

• WPA/WPA2 Enterprise (requires a RADIUS server) and provides coverage for large entities.
• WPA/WPA2 Personal (also known as WPA-PSK) is appropriate for use in most residential and small business settings.

How Do WPA-PSK and WPA2-PSK Work?

With WPA-PSK, you configure each WLAN node (access points, wireless routers, client adapters, bridges) not with an encryption key, but rather with a plain-English passphrase that contains up to 133 characters. Using a technology called TKIP (Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. Those encryption keys are constantly changed. When clients connect, the WPA-PSK authentication users provide the password to verify whether to allow them access to a network. As long as the passwords match, a client is granted access to the WLAN.

When Would I Use PSK Authentication?

PSK was designed for home and small office networks that do not require the complexity of an 802.1X authentication server. Some reasons to use PSK authentication are:

PSK is simple to implement, as opposed to 802.1X authentication, which requires a RADIUS server.

Your legacy clients might not support 802.1X or the latest WPA2 standard.

Why Would I Not Use PSK Authentication?

Even if you have a small company, there are drawbacks to using PSK authentication. For example:

If an administrator leaves the company, you should reset the PSK key. This can become tiresome and be skipped.

If one user is compromised, then all users can be hacked.

PSK cannot perform machine authentication the way that IEEE 802.1X authentication can.Keys tend to become old because they are not dynamically created for users upon login, nor are the keys rotated frequently. You must remember to change the keys and create keys long enough to be a challenge to hackers. PSK is subject to brute force key space search attacks and to dictionary attacks.

Because WPA2-Personal uses a more advanced encryption type, additional processing power is required to keep the network functioning at full speed. Wireless networks that use legacy hardware for access points and routers can suffer speed reductions when using WPA2-Personal instead of WPA, especially when several users are connected or a large amount of data is moving through the network. Because WPA2-Personal is a newer standard, firmware upgrades can also be required for some hardware that previously used WPA exclusively.

How Is WPA Encryption Different Than WPA-PSK Encryption?

The primary difference between WPA and WPA2-Personal are the encryption ciphers used to secure the network. WPA can use only the encryption cipher Temporal Key Integrity Protocol (TKIP). WPA2-Personal can use TKIP, but because TKIP security keys are less secure, the WPA2 protocol usually uses the Advanced Encryption Standard. AES uses a much more advanced encryption algorithm that cannot be defeated by the tools that overcome TKIP security, making it a much more secure encryption method. 

you can also pay a visit to my other blog and get more info at TechnoGeekForum

In the coming weeks we will practically implement the various wlan security protocols and even learn how to secure it further to enhance its security so stay tuned for more updates.

Disclaimer- Although the Author has tried his best to supply the correct  information from various internet sources, chances are that he can be wrong please do find the mistake and report it and help in building a better knowledge library because knowledge is our right! All the logos and names used are registered trademarks of their respected organizations, the author takes no responsibility for any harm caused to anyone or any organization. If anyone feels any violation is committed, do report as soon as possible so that it can be corrected! Thank you.