Thursday, December 24, 2009

Wireleess Sceurity

Overview article about how safe path to the scope of 802.11 wireless or WAP standards can be made. The method of data delivery in wireless communication with the wired communication is different. Given these differences, it implies a difference in how security can be maintained in the wireless sphere. Because of greater bandwidth, flexibility, and "freedom" it is a wireless communication infrastructure choices in communication. The desire grew as users in terms of security and is always there when needed. For a message that is sent, the user
expect any guarantee of:

• Authentication
Sending and receiving messages is really a he.

• Confidentiality
Messages can only be understood by the intended person.

• Integrity
The message is still intact and can be understood. 802.11 standard provides the facility to meet the requirements for security.

Wireless Physical Transport
Wireless signal that will be conducting data transmission using electromagnetic waves could be radio frequency (RF) or infrared frequency (IR). RF is more widely used in the implementation of wireless data transport method. 802.11 divided into 3 types:

• I-Band 902 MHz - 928 MHz,
• S-Band 2.4GHz - 2.48GHz, and
• M-Band 5.725GHz - 5.85GHz.

Which is now known to the wider community is 802.11b and 802.11a. 802.11b is commonly known as WiFi (Wire Fidelity), including the type of S-band 2.4 GHz and a maximum value of the link rate of 11Mbps. While 802.11a called WiFI5, including the type of M-Band 5.725 GHz and a maximum value of the link rate of 54Mbps.

WLAN Architecture

WLAN architecture is built from the stations and access points (APs). Basic structure is essentially a Service Set (BSS). Can be independent BSS BSS or BSS infrastructure. In independent BSS, stations communicate directly if they are within yangterjangkau, while the BSS infrastructure requires access point (AP) as a liaison between the stations.

WLAN Security Exploits

• Insertion Attacks
Those who do not have wireless access, wireless access with the aim to limited Internet access at no cost.
• Unauthorized Interception and Monitoring
The existence of parties to be "listeners" in the exchange of data between two parties or more. If the data is not properly encrypted, data can be obtained "listener" and managed by him either changed, or just information or taken disseminated.
• Denial of Service (DOS)
Utilizing the jamming signal. Because the use ISM band, then with signal can be affected easily by phone, microwave oven, and any transmission using the ISM band.
• Client-to-Client Attacks
MAC or IP address can be duplicated. Attack is often in TCP / IP can occur the wireless client that provides services such as SNMP, SMTP, FTP.
• Brute Force Attacks Against AP Passwords
Trying passwords by using dictionary password assistance.
• Encryption Attacks
Data sent from the client to the Access Point which is encrypted by using WEP protocol can be easily retrieved.
• Misconfiguration
Configuring the access point is not safe because it only uses the default settings.

Basic 802.11 Security

• SSID
Service Set Identifier (SSID) is a mechanism that can share the wireless networkinto parts with multiple network access point. This same concept with a subnet address that is used in wired LANs. SSID provides a method which can provide access control on the part of the AP or AP. Engineering added to complement this method is MAC Address Filtering.

• MAC Address Filtering
Each computer has a unique MAC address on its 802.11 network card. To enhance security in access control for each AP, each AP deprogram a list of MAC addresses can access the AP.

• WEP
WEP provides additional security with communications between the client encrypt and the AP uses RC4 encryption algorithm. All clients and APs using the same key for encryption and decryption. WEP uses 40-bit encryption key. WEP weakness is, this algorithm is still very easy to be attack. AES became an alternative to this algorithm.

Best Practice For Wifi Security


Although WEP can still be broken, but the WEP key to be implemented on 128-bit version. If WEP is implemented, then the default key must be changed periodically and randomly, and if possible use the session key. Clients must provide a password on the local drives, folders and files. Default SSID should be changed and the AP does not do SSID broadcasting for her and AP must use the MAC filtering. And to ensure end-to-end security, using a virtual private network (VPN).

WAP
With improving technology, to improve the security of a WAP protocol layer underwent a change.

No comments:

Post a Comment

Your Ad Here