How to Characterize Wireless Network Security
Wireless network security falls into a number of categories, each relating to a different realm of security: authorization, confidentiality, identification and non-repudiation. Various security technologies contribute to wireless security at different levels. Physical and data-link layer security prevents unauthorized users from even connecting to the network, while higher layers of security protect against traffic interception and decryption through strong cryptographic algorithms. Skilled hackers can easily circumvent many of the default wireless security methods implemented by home wireless routers, but a well-configured network access point will offer virtual impenetrability, strong enough for most home, government and business uses.
Instructions
1
Analyze your wireless router's physical security and access control configuration. Most modern, commercially available wireless network routers and access points have a configuration dialog accessible via a Web browser. Under access control or physical security, enable "MAC Address Restriction", which is a feature that limits access to a particular set of MAC (Media Access Control) hardware addresses, unique to each client wireless network interface. Disable SSID (Service Set Identification--the name of the network) broadcast, to prevent computers from connecting without knowing the name of the wireless network.
2
Categorize encryption methods on the wireless network. By default, most home and business network routers do not enable data encryption. Enable one of several different encryption mechanisms: WEP (Wired Equivalent Policy) is the most basic form of encryption, but was found to be insecure by the IEEE in 2004. WPA (Wi-Fi Protected Access) and its successor WPA2 use much more secure encryption via the AES (Advanced Encryption Standard).
3
Determine whether the network implements strong identification methods. In the WEP and WPA specifications, special authentication algorithms provide strong identification of users. Under "Advanced Settings" in your wireless router, look for WEP Enterprise, RADIUS or WPA/WPA2 Enterprise modes. These encryption schemes use PKI (Public Key Cryptography) to implement client-server authentication on wireless networks. If enabled, issue each client a public key certificate signed by the server for authentication.
Tips & Warnings
Use your wireless network monitoring software along with your computer's wireless card to capture wireless data and analyze your security features without accessing the configuration interface, to simulate what a real attacker would see.
Review your physical security measures for your wireless router--ensure it is kept in a locked area. Attackers can easily reset wireless networks to insecure default settings, given physical access.
Be sure to have owner/administrator permission before accessing any administration interface on a network and before capturing any traffic.
Remember to write down all configuration passwords and encryption keys. The only way to recover lost passwords/keys may be to perform a hard reset on the wireless router.
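The three things the steps above ask you to check (SSID broadcast, encryption category, and Personal versus Enterprise authentication) are all advertised in the beacon frames your own access point sends, which is what the capture tip relies on. The following Python is an added example, not part of the original article: it assumes the beacon frame body has already been extracted from a capture of your own network with the radiotap and 802.11 MAC headers removed, and the sample bytes are constructed.

```python
import struct

CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}   # 802.1X = Enterprise, PSK = Personal

def _suites(data, off):
    """Read a count-prefixed list of 4-byte suite selectors; return (types, next offset)."""
    (count,) = struct.unpack_from("<H", data, off)
    end = off + 2 + 4 * count
    if end > len(data):
        raise ValueError("truncated suite list")
    return [data[i + 3] for i in range(off + 2, end, 4)], end

def _parse_security(data):
    """Parse the layout shared by the RSN and WPA elements: version, group, pairwise, AKM."""
    pairwise, off = _suites(data, 6)          # skip version (2) + group cipher (4)
    akms, _ = _suites(data, off)
    return ([CIPHERS.get(c, f"cipher-{c}") for c in pairwise],
            [AKMS.get(a, f"akm-{a}") for a in akms])

def classify_beacon(body):
    """Classify a beacon frame body (12 fixed bytes, then tagged elements)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    (capability,) = struct.unpack_from("<H", body, 10)
    result = {"hidden_ssid": False, "encryption": "Open", "ciphers": [], "auth": []}
    if capability & 0x0010:                   # Privacy bit alone (no RSN/WPA element) is WEP
        result["encryption"] = "WEP"
    off = 12
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        value = body[off + 2: off + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        off += 2 + length
        if tag == 0:                          # SSID: empty or all-NUL means broadcast disabled
            result["hidden_ssid"] = not value.strip(b"\x00")
        elif tag == 48:                       # RSN element: WPA2 (wins in WPA/WPA2 mixed mode)
            result["encryption"] = "WPA2"
            result["ciphers"], result["auth"] = _parse_security(value)
        elif tag == 221 and value[:4] == b"\x00\x50\xf2\x01" and result["encryption"] != "WPA2":
            result["encryption"] = "WPA"      # vendor-specific WPA element
            result["ciphers"], result["auth"] = _parse_security(value[4:])
    return result

# Constructed sample: hidden SSID, WPA2 with CCMP (AES) and 802.1X (Enterprise)
RSN = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac01" "0000")
SAMPLE = bytes(8) + struct.pack("<HH", 100, 0x0011) + b"\x00\x00" + bytes([48, len(RSN)]) + RSN
print(classify_beacon(SAMPLE))
```

A result of `WEP` or `Open`, or an `auth` list containing only `PSK` where Enterprise mode was intended, shows that the router's settings do not match what the steps above call for.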