Securing a Wireless Network

Have you ever wondered how you can prevent unauthorized people from accessing your school ? s network if you have a wireless network infrastructure at your school. Wireless Access Points have several different ways that you can employ to secure your wireless network . This article will give you information about the ways to help you to secure your network .

Choosing a method of securing your wireless network depends upon how complicated you wish the setup to be or how secure your network needs to be. For example if you are running allows network that has access to confidential administration data you will need to employ methods that will encrypt the data and hide the existence of the wireless network so that the casual possibly is unaware of its existence.

Before securing your wireless network it is advisable that you read your suppliers manual and also set up a test network and laptop so that you are confident in implementing the right solution for the job.

There are several standards that concern Wireless Security. You may already of heard of WEP ( Wired Equivalent Privacy), WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) and WPA-802.1x.

Types of Wireless Security

WEP (Wired Equivalent Privacy), if used, encrypts data before transmission. This provides greater security and privacy. All Wireless Stations need to use the same settings (WEP Key size and WEP key).

E ncrypting the data using WEP is by far the simplest method of implementing security. Most wireless access points will allow for 64 bit encryption or 128 bit encryption, this is implemented by means of a controlled access key. Most modern access points can automatically generate a key based upon the phrase or you may generate the key value by making up hexadecimal number.

An example encryption key may look like this :

  • 64Bit : 09641139E3
  • 128Bit : 5A516358A0CDAC6D330030471D

When WEP has been enabled at the access point each client device will need to use the defined key in order to gain access to the internal network. Windows XP as a built in Wireless Configuration tool that will automatically detect the type of wireless network that has been configured and will prompt for the WEP key for the wireless network.

WPA-802.1x (Wi-Fi Protected Access) – WPA requires the use of a Radius server for authentication. Each user (Wireless Client) and network device must have a "user" login on the Radius Server. Data transmissions are encrypted using a key which is automatically generated.

Implementing WPA is a lot more complicated than WEP but offers a greater level of security and manageability. Windows Server has a built in Radius server for authentication of clients. This can be configured with help from the online help or by searching the internet.

WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) – A version of WPA that uses a PSK (Pre-shared Key) for authentication, so you don’t need a Radius Server. All Wireless stations need to use the same PSK (Pre-shared Key). Data transmissions are encrypted using a 256 Bit key derived from the PSK. This key changes regularly, providing greater protection. WPA is more secure than WEP.

Using this method does not require use of additional services and servers. WPA-PSK is as simple to use as WEP. I would recommend that you try WEP first as not all of your devices may support the WPA-PSK protocol.

Cloaking the Wireless network

Cloaking is a method of hiding the existence of the wireless network by switching off the broadcast feature of the wireless network point. This can make it harder to diagnose problems with accessing the wireless, therefore I would suggest that you do not switch off the broadcast feature whilst you are testing and implementing your wireless setup.

Filtering

Another way to prevent access to the wireless access point is to implement a MAC (Media Access Control) address filtering system. This will prevent any computer accessing the wireless network if the MAC address does not match one of those boxes listed against access point. Using Mac address filtering is good for small networks where there are limited numbers of wireless clients. However Mac addresses can be spoofed by hardware and software so this is not totally full proof. A MAC (Media Access Control) address is a hardware address that uniquely identifies each node/client/device of a network. The Mac address is usually the assigned by the manufacturer to a piece of networking equipment.

Other security measures

It is recommended that you set a secure password on your Wireless Access point so as to prevent the casual user from interfering with any of the settings that you have configured.

Online Resources

Ten Steps to Secure a Wireless Network ? By PC Magazine

Posted in Networking and tagged , , , , , .