Network security, Disabling SSID broadcast, Limiting the number...

11.7. Network Security

Network security is ensured by securing communications. For WPAN networks of the IEEE 802.15.3 and IEEE 802.15.4 standards, information security for workstation switching is provided by the AES-128 security protocol; for corporate Wi-Fi networks of the IEEE 802.11g and IEEE 802.11n standards, by the WEP, WPA and WPA2 security protocols; and for networks of the IEEE 802.11a and IEEE 802.11b standards, by the WEP security protocol. For city-scale wireless networks, information security is provided by triple encryption using the DES3 protocol.

The basic security measures in wireless Wi-Fi networks include:

- disabling the broadcast of the SSID network code;

- limiting the number of persons allowed to work on the network;

- disabling Dynamic Host Configuration Protocol (DHCP), which provides automatic dynamic assignment of IP addresses;

- the use of security protocols WEP, WPA, WPA2.

11.7.1. Disabling SSID broadcast

The SSID is an important parameter needed to gain access to the network. This built-in 802.11 security feature is the name that must be entered to join the network.

Standard access points are equipped with omnidirectional antennas, so for them ensuring security is a priority. Many wireless access points in their standard configuration automatically broadcast the SSID network identifier. Broadcasting this identifier invites anyone to access the network. Broadcasting it can be useful in public PWLAN networks.

For most corporate, small local and home networks, the broadcast of the network ID must be disabled. This is done using the software supplied with the access point. The network administrator can change the standard SSID for each access point and also limit the number of persons to whom it is known. However, such a measure is not sufficient. It is not difficult for an attacker to learn the SSID; all that is needed is a laptop and the necessary software. An attacker can capture the traffic between the access point and a computer and analyze it. The SSID appears in it explicitly.
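The following added example (not part of the original text) shows why disabling the broadcast is not sufficient: the beacon carries an empty SSID element, but the association request and probe response of a legitimate client still carry the name in clear text. The frames are constructed test input, and the SSID `CorpNet` and the function names `build_frame` and `ssid_in_frame` are assumptions made for the illustration.

```python
MAC_HEADER_LEN = 24  # frame control, duration, three addresses, sequence control
# Bytes of fixed fields that precede the tagged parameters, per management subtype.
FIXED_FIELDS = {0x0: 4, 0x4: 0, 0x5: 12, 0x8: 12}
NAMES = {0x0: "assoc-request", 0x4: "probe-request",
         0x5: "probe-response", 0x8: "beacon"}

def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Build a minimal 802.11 management frame (constructed sample, zeroed addresses)."""
    header = bytes([subtype << 4, 0]) + bytes(2) + bytes(18) + bytes(2)
    ssid_ie = bytes([0, len(ssid)]) + ssid             # element ID 0 = SSID
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # element ID 1 = supported rates
    return header + bytes(FIXED_FIELDS[subtype]) + ssid_ie + rates_ie

def ssid_in_frame(frame: bytes):
    """Return (frame_name, ssid) where ssid is None if the frame hides it."""
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_FIELDS:
        raise ValueError("not a supported management frame")
    pos = MAC_HEADER_LEN + FIXED_FIELDS[subtype]
    while pos + 2 <= len(frame):
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if elem_id == 0:
            # A hidden network sends a zero-length or all-zero SSID element.
            hidden = length == 0 or not any(value)
            return NAMES[subtype], None if hidden else value.decode("utf-8", "replace")
        pos += 2 + length
    return NAMES[subtype], None

if __name__ == "__main__":
    samples = [build_frame(0x8, b""),          # beacon with broadcast disabled
               build_frame(0x0, b"CorpNet"),   # client associating
               build_frame(0x5, b"CorpNet")]   # access point answering a probe
    for frame in samples:
        print(ssid_in_frame(frame))
```
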

11.7.2. Limiting the number of network users

Most access points allow the network administrator, using the software provided with the access point, to create an access list of network adapters that are allowed to connect to the wireless network. To do this, the MAC address of each authorized user's network adapter is added to the list of allowed addresses. Since the MAC address is transmitted unencrypted, in plain text, an attacker can intercept it and substitute it for their own. This makes this method of protection vulnerable. When setting up the wireless router, the MAC address must also be specified.

11.7.3. Disabling DHCP

By default, many wireless routers use DHCP to automatically assign IP addresses to wireless clients. This greatly simplifies the connection process, including for intruders. To make it harder for them to connect, the network administrator can disable DHCP and assign a static IP address to each client.

To protect against data interception, both software and hardware tools can be used.

11.7.4. Protocols for protecting wireless networks WEP, WPA and WPA2

In recent years, WPA2 (Wi-Fi Protected Access 2) has been used to protect wireless networks, ensuring data privacy and integrity in Wi-Fi networks. In combination with the port-based IEEE 802.1x authentication protocol, it ensures the security of wireless communications. WPA2 uses the CCMP encryption method (Counter Mode with CBC-MAC Protocol), based on AES (Advanced Encryption Standard), a stronger encryption algorithm than RC4.

WPA and WPA2 work in two authentication modes: Personal and Enterprise. In WPA2-Personal mode, a 256-bit PSK (pre-shared key) is generated from a passphrase that is entered in clear text. The passphrase behind the PSK can be from 8 to 63 characters long, and the longer it is, the less likely a successful attack. The PSK, together with the SSID (Service Set Identifier) and the length of the latter, forms the mathematical basis for the pairwise master key (Pairwise Master Key). It is used to generate a pairwise transient key, or session key (Pairwise Transient Key), for the connection between a wireless user device and an access point. Like static WEP, WPA2-Personal has inherent problems with key distribution and maintenance, which makes it more suitable for small offices.
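The key hierarchy described above, as an added example that is not part of the original text. It uses the standard IEEE 802.11i mapping, which the text does not spell out: the PSK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, and the session key is expanded from it with an HMAC-SHA1 PRF over both MAC addresses and both handshake nonces. The MAC addresses and nonces are constructed sample values, and the function names are assumptions.

```python
import hashlib
import hmac

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK (used as the Pairwise Master Key in WPA2-Personal)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    # The SSID is the salt, so the same passphrase yields a different key per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """Pairwise Transient Key for CCMP: 48 bytes = KCK (16) + KEK (16) + TK (16)."""
    # Both sides sort the inputs, so access point and client compute the same key.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

if __name__ == "__main__":
    # Passphrase/SSID pair from the IEEE 802.11i test vectors.
    pmk = derive_psk("password", "IEEE")
    print("PMK:", pmk.hex())
    # Constructed sample values for the handshake parameters.
    ap = bytes.fromhex("020000000001")
    sta = bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk = derive_ptk(pmk, ap, sta, anonce, snonce)
    print("TK :", ptk[32:48].hex())
```

Because the nonces change on every connection, each session gets a fresh transient key, while the master key stays fixed for everyone who knows the passphrase; that shared, static secret is the key-distribution weakness of Personal mode.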

WPA2-Enterprise solves the problems of distributing and managing static keys, and its integration with most corporate authentication services provides account-based access control. To work in this mode, credentials such as a user name and password, a security certificate or a one-time password are needed. Authentication is performed between the workstation and the central authentication server. The access point or wireless controller monitors the connection and forwards the authentication packets to the appropriate authentication server (usually a RADIUS server). WPA2-Enterprise mode is based on 802.1x, which supports port-based authentication for users and machines and is suitable for both wired switches and wireless access points.
