Page 214 - DCAP311_DCAP607_WIRELESS_NETWORKS
P. 214
Wireless Networks
Notes Introduction
Wireless security is the prevention of unauthorized access or damage to computers
using wireless networks. The most common types of wireless security are Wired Equivalent
Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a notoriously weak security standard.
The password it uses can often be cracked in a few minutes with a basic laptop computer and
widely available software tools. WEP is an old IEEE 802.11 standard from 1999 which was
outdated in 2003 by WPA or Wi-Fi Protected Access. WPA was a quick alternative to improve
security over WEP. The current standard is WPA2; some hardware cannot support WPA2
without firmware upgrade or replacement. WPA2 uses an encryption device which encrypts the
network with a 256 bit key; the longer key length improves security over WEP.
Many laptop computers have wireless cards pre-installed. The ability to enter a network
while mobile has great benefits. However, wireless networking is prone to some security
issues. Crackers have found wireless networks relatively easy to break into, and even use
wireless technology to crack into wired networks. As a result, it's very important that enterprises
define effective wireless security policies that guard against unauthorized access to important
resources. Wireless Intrusion Prevention Systems (WIPS) or Wireless Intrusion Detection
Systems (WIDS) are commonly used to enforce wireless security policies.
The risks to users of wireless technology have increased as the service has become more popular.
There were relatively few dangers when wireless technology was first introduced. Crackers had
not yet had time to latch on to the new technology and wireless was not commonly found in
the work place. However, there are a great number of security risks associated with the current
wireless protocols and encryption methods, and in the carelessness and ignorance that exists at
the user and corporate IT level. Cracking methods have become much more sophisticated and
innovative with wireless. Cracking has also become much easier and more accessible with easy-
to-use Windows or Linux-based tools being made available on the web at no charge.
Some organizations that have no wireless access points installed do not feel that they need to
address wireless security concerns. In-Stat MDR and META Group have estimated that 95% of
all corporate laptop computers that were planned to be purchased in 2005 were equipped with
wireless. Issues can arise in a supposedly non-wireless organization when a wireless laptop
is plugged into the corporate network. A cracker could sit out in the parking lot and gather
info from it through laptops and/or other devices as handhelds, or even break in through this
wireless card-equipped laptop and gain access to the wired network.
13.1 Need of Security
Wireless networking is inherently risky because you are transmitting information via radio
waves. Data from your wireless network can be intercepted just like signals from your cellular or
cordless phones. Whenever you use a wireless connection, you might want to ensure that your
communications and files are private and protected. If your transmissions are not secure, it may
be possible for others to intercept your e-mails, examine your files and records, and use your
network and Internet connection to distribute their own messages and communications.
How secure you want your network to be depends on how you use it. If you're just surfing to do
research or watch movies, you may not care if anyone picks up part of the transmission, but that's
up to you. Even if you're shopping and purchasing items over the net, those financial transactions
are usually protected by Secure Socket Layer (SSL). However, if your data is confidential or if you
want additional security, there are several different technologies you can install. Keep in mind
that security is a personal decision, but it's almost essential to use at least some level of security
as a deterrent to intrusion and interception.
208 LOVELY PROFESSIONAL UNIVERSITY
