Security for wireless networking is provided by the following standards:
| Method | Description |
|---|---|
| Wired Equivalent Privacy (WEP) | WEP is an optional component of the 802.11 specifications and was deployed in 1997. WEP was designed to provide wireless connections with the same security as wired connections. WEP has the following weaknesses: |
| Cisco interim solution | Cisco's interim solution was deployed in 2001 to address the problems of WEP. The solution included the following: |
| Wi-Fi Protected Access (WPA) | WPA is the implementation name for wireless security based on initial 802.11i drafts and was deployed in 2003. It was intended as an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared. WPA: Note: The Cisco interim solution is not compatible with WPA. |
| Wi-Fi Protected Access 2 (WPA2) or 802.11i | WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications and was deployed in 2005. It is built upon the idea of Robust Secure Networks (RSN). Like WPA, it resolves the weaknesses inherent in WEP, and is intended to eventually replace both WEP and WPA. WPA2: Note: WPA2 has the same advantages over WEP as WPA. While more secure than WPA, its main disadvantage is that it requires new hardware for implementation. |
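
As an added example (not part of the original notes), the sketch below shows how a site audit can tell which of the standards above an access point advertises, by reading the beacon's Privacy capability bit, the vendor-specific WPA element and the RSN element. The element IDs and field layout come from the 802.11 frame format rather than from this page; the function names and sample beacons are constructed for illustration.

```python
import struct

RSN_IE = 48                          # RSN element (802.11i / WPA2)
VENDOR_IE = 221                      # vendor-specific element
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # OUI 00:50:F2, type 1 = WPA element
PRIVACY_BIT = 0x0010                 # capability bit: encryption required

def parse_elements(data):
    """Yield (id, value) for each tagged element; reject truncated input."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("truncated element")
        length = data[pos + 1]
        yield data[pos], data[pos + 2:pos + 2 + length]
        pos += 2 + length

def classify(body):
    """Return (ssid, mode) for a beacon body: 12 fixed bytes + elements."""
    # Timestamp (8), beacon interval (2), capabilities (2); short input raises.
    _timestamp, _interval, caps = struct.unpack_from("<QHH", body)
    ssid, has_rsn, has_wpa = "", False, False
    for eid, value in parse_elements(body[12:]):
        if eid == 0:
            ssid = value.decode("utf-8", "replace")
        elif eid == RSN_IE:
            has_rsn = True
        elif eid == VENDOR_IE and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
    if has_rsn:
        return ssid, "WPA+WPA2 mixed" if has_wpa else "WPA2"
    if has_wpa:
        return ssid, "WPA"
    return ssid, "WEP" if caps & PRIVACY_BIT else "open"

def beacon(ssid, caps, *elements):
    """Build a constructed beacon body (sample data, not captured traffic)."""
    body = struct.pack("<QHH", 0, 100, caps) + bytes([0, len(ssid)]) + ssid.encode()
    for eid, value in elements:
        body += bytes([eid, len(value)]) + value
    return body

SAMPLES = [beacon("lab-legacy", 0x0011),
           beacon("lab-wpa", 0x0011, (VENDOR_IE, WPA_OUI_TYPE + b"\x01\x00")),
           beacon("lab-wpa2", 0x0011, (RSN_IE, b"\x01\x00")),
           beacon("lab-guest", 0x0001)]

def audit(samples=SAMPLES):
    """Return (ssid, mode) for every network not running WPA2 only."""
    return [(s, m) for s, m in map(classify, samples) if m != "WPA2"]
```

A truncated element raises an error instead of being skipped, so a damaged capture is never misreported as WEP or open.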
In addition to using the security measures outlined above, you can provide a level of security using the following practices. These methods by themselves do not provide much security, but rather keep curious people from trying to access the wireless network.
| Method | Description |
|---|---|
| Change the administrator account name and password | The access point typically comes configured with a default username and password that is used to configure the access point settings. If possible, it is important to change the administrator account name and password from the defaults. This helps prevent outsiders from breaking into your system by guessing the default username and password. |
| Update the firmware | Update the firmware on the access point from the manufacturer's Web site frequently to prevent your system from being exposed to known bugs and security holes. |
| Enable the firewall on the access point | Most wireless access points come with a built-in firewall that connects the wireless network to a wired network. |
| Change SSID from defaults | Many manufacturers use a default SSID, so it is important to change your SSID from the defaults. You can also disable the SSID broadcast for further protection; this is known as SSID suppression or cloaking. Note: Even with SSID broadcast turned off, a determined hacker can still identify the SSID by analyzing wireless broadcasts. |
| Disable DHCP | DHCP servers dynamically assign IP addresses, gateway addresses, subnet masks, and DNS addresses whenever a computer on the wireless network starts up. Disabling DHCP on the wireless access points allows only users with a valid, static IP address in the range to connect. |
| Enable MAC address filtering | Every network board has a unique code assigned to it called a MAC address. By specifying which MAC addresses are allowed to connect to your network, you can prevent unauthorized MAC addresses from connecting to the access point. Configuring a MAC address filtering system is very time-consuming and demands upkeep. Note: Attackers can still use tools to capture packets and then retrieve valid MAC addresses. An attacker could then spoof their wireless adapter's MAC address and circumvent the filter. |
Credit: Testout 640-802 CCNA Notes