28 May 2018

How to Protect Your Wireless Network

Many people don’t realize the importance of wireless network security while working on their wireless network. A wireless network can be easily hacked if it wasn’t properly protected.

Types of Wireless Network Security

The widely known wireless network security types are:

  1. No Security: Anyone can connect to the wireless network without a password
  2. WEP: WEP stands for Wired Equivalent Privacy which was the original encryption standard for wireless. Although it is better than having “No Security” at  all but it is a weak security protection which can be cracked using aircrack-ng in around 5 minutes as shown in How to Crack WEP Wireless with BackTrack 4 running on Windows
  3. WPA: Wi-Fi Protected Access (WPA or WPAv1) is a software or firmware improvement over WEP which bridges the gaps that WEP had. Although much tougher to crack than the WEP, but still possible especially with weak passwords as we can see in How to Crack WPA & WPA2 Wireless with BackTrack 4 running on Windows
  4. WPA2: Or WPAv2. Although WPA was considered a masterpiece of retro engineering, but it was still a compromise solution that suffered possible security flaw. WPA2 is a completely new security system that avoids the design flaws in WEP. However it can still be hacked in the same way as cracking the WPA as shown in How to Crack WPA & WPA2 Wireless with BackTrack 4 running on Windows

Wireless Security

In conjunction to the above mentioned security types you can extend your security measures by:

  1. MAC ID or MAC Address filtering: Most wireless routers support a feature which allows only specific MAC addresses to connect to the network. In other words you can specify which computers or wireless device can have access to the network. This option can be very difficult to manage especially in bigger networks, not to mention that a hacker can always manipulate the MAC address of his wireless adapter and connect to the network in case he knows one of the allowed addresses.
  2. RADIUS Server Authentication: A server that is responsible for receiving user connection requests, authenticating the user, and then returning all of the configuration information necessary for the client to deliver the service to the user. In other words it verifies network users through a server. This security mode is usually referred to as “WPA Enterprise”, “WPA2 Enterprise”, or “RADIUS”.
  3. Wireless intrusion prevention system: Is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).

Conclusion

Unfortunately many of the wireless networks used at homes are still using the WEP security protection which makes it easily vulnerable to being hacked. If you have a wireless network for home use then WPA2 with a long complex password would be your best choice to protect your wireless network, however if you are administering a wireless network for an enterprise business then it is recommended to use “WPA2 Enterprise” with a RADIUS server, and install a “Wireless Intrusion Prevention System” to protect and monitor your wireless network.

Next Step

References