
Wireless Network Security

Definition

Wireless network security is the process of designing, implementing and ensuring
security on a wireless computer network. It is a subset of network security that adds
protection for a wireless computer network. Wireless network security is also known
as wireless security. Wireless network security primarily protects a wireless
network from unauthorized and malicious access attempts.
Typically, wireless network security is delivered through wireless devices (usually a
wireless router/switch) that encrypt and secure all wireless communication by
default. Even if the wireless network security is compromised, the hacker is not able
to view the content of the traffic/packets in transit. Moreover, wireless intrusion
detection and prevention systems also help protect a wireless network by
alerting the wireless network administrator in case of a security breach.
Some of the common algorithms and standards used to ensure wireless network security
are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), which are also
the most common types of wireless security. WEP is a notoriously weak security
standard. The password it uses can often be cracked in a few minutes with a basic
laptop computer and widely available software tools. WEP is an old IEEE 802.11
standard from 1999, which was superseded in 2003 by WPA, or Wi-Fi Protected Access.
WPA was a quick alternative to improve security over WEP. The current standard is
WPA2; some hardware cannot support WPA2 without a firmware upgrade or replacement.
WPA2 uses an encryption device that encrypts the network with a 256-bit key; the
longer key length improves security over WEP.

Categories/Types

Ad-Hoc Wi-fi Network (Ad-Hoc)

An ad-hoc network is a wireless network that does not need a large server or a
router. A router is usually the easiest way to go, but the network can do without
one. Ad-hoc networks rely on each computer's Wi-Fi card to set up and connect to the
other computers through one of them, which, for the sake of argument, is the server
(or main computer). If this computer has a wireless Internet connection (USB modem,
etc.), then the ad-hoc network can share the Internet connection as well.

Wired Equivalent Privacy (WEP)


Wired Equivalent Privacy (WEP) was first released as a portion of the IEEE 802.11
standard in 1999. Its security was deemed to be the equivalent of any wired medium,
hence its name. As the years passed, WEP was deemed broken, and it has since
been replaced by two other iterations of wireless security protocols, Wi-Fi Protected
Access (WPA) and WPA2.
Wired Equivalent Privacy is sometimes erroneously referred to as Wired Equivalent
Protocol (WEP).

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) is a security standard to secure computers connected
to a Wi-Fi network. Its purpose is to address serious weaknesses in the previous
system, the Wired Equivalent Privacy (WEP) standard.
Wi-Fi Protected Access (WPA) and WPA2 are concurrent security standards. WPA
addressed the majority of the IEEE 802.11i standard; and the WPA2 certification
achieved full compliance. However, WPA2 will not work with some older network
cards, thus the need for concurrent security standards.
Wi-Fi Protected Access included a 128-bit Temporal Key Integrity Protocol (TKIP)
which dynamically produces a new key for each data packet; WEP only had a
smaller 40-bit encryption key which was fixed and had to be manually entered on
wireless access points (APs). TKIP was designed to be used with older WEP
devices, with updated firmware. However, researchers did discover a security flaw in
TKIP concerning weaknesses in retrieving the keystream of data packets; it could
only encrypt short (128 byte) data packets. This caused TKIP to be replaced with
the CCMP (sometimes called AES-CCMP) encryption protocol in WPA2, which
provides additional security.
Applicable to both WPA and WPA2, there are two versions targeting different users:

WPA-Personal was developed for home and small office use and requires no
authentication server; and each wireless device uses the same 256-bit
authentication key.
WPA-Enterprise was developed for large businesses and requires a RADIUS
authentication server that provides automatic key generation and
authentication throughout the entire enterprise.

Wi-Fi Protected Access II (WPA2)


WPA has, as of 2006, been officially superseded by WPA2. One of the most
significant changes between WPA and WPA2 is the mandatory use of AES
algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining
Message Authentication Code Protocol) as a replacement for TKIP. However, TKIP
is still preserved in WPA2 as a fallback system and for interoperability with WPA.
Currently, the primary security vulnerability to the actual WPA2 system is an obscure
one (and requires the attacker to already have access to the secured Wi-Fi network
in order to gain access to certain keys and then perpetrate an attack against other
devices on the network). As such, the security implications of the known WPA2
vulnerabilities are limited almost entirely to enterprise level networks and deserve
little to no practical consideration in regard to home network security.
Unfortunately, the same vulnerability that is the biggest hole in the WPA armor, the
attack vector through the Wi-Fi Protected Setup (WPS), remains in modern WPA2-
capable access points. Although breaking into a WPA/WPA2 secured network using
this vulnerability requires anywhere from 2-14 hours of sustained effort with a
modern computer, it is still a legitimate security concern. WPS should be disabled
and, if possible, the firmware of the access point should be flashed to a distribution
that doesn't even support WPS so the attack vector is entirely removed.
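
Added example (not part of the original page): a small audit that flags the weak settings named above (WEP keys, original WPA, TKIP, WPS left enabled). It assumes the access point is configured through a hostapd-style key=value file; the sample configurations and the finding names are constructed for illustration.

```python
# Added example: flag WEP, WPA1, TKIP and enabled WPS in a hostapd-style
# configuration. Both sample configurations below are constructed.

WEAK_CONF = """\
# constructed sample: mixed WPA/WPA2, TKIP allowed, WPS on
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wps_state=2
"""

HARDENED_CONF = """\
# constructed sample: WPA2 only, CCMP only, WPS off
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return sorted finding codes for one access point configuration."""
    conf = parse_conf(text)
    findings = set()
    if any(f"wep_key{i}" in conf for i in range(4)):
        findings.add("WEP_KEY_CONFIGURED")
    if int(conf.get("wpa", "0")) & 1:          # bit 0 = original WPA
        findings.add("WPA1_ENABLED")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.add("TKIP_ALLOWED")
    if conf.get("wps_state", "0") != "0":      # 0 = WPS disabled
        findings.add("WPS_ENABLED")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```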

Importance/Benefits

1) To prevent bandwidth theft: Internet and file-sharing speeds stay stable when
nobody is stealing bandwidth.
2) To prevent abuse of the network for disruptive or illegal acts, for example
watching porn or selling drugs.
3) To prevent theft of sensitive information, for example snooping on the network
to gain access to passwords and other important data.
4) To prevent malicious threats from infecting the network, for example illegal
software such as a virus being introduced into the network to encrypt documents
or other important data.

Example of Standard

Ad-hoc Mode

The operating mode for wireless service in which end user devices interact with each
other in a "peer-to-peer" configuration. Ad hoc mode does not require the use of a
wireless network access point.

Wired Equivalent Privacy (WEP)

WEP is an older network security method that's still available to support older
devices, but it's no longer recommended. When you enable WEP, you set up a
network security key. This key encrypts the information that one computer sends to
another computer across your network. However, WEP security is relatively easy to
crack.
There are two kinds of WEP: open system authentication and shared key
authentication.
Neither is very secure, but shared key authentication is the less secure of the two.
A hacker can easily hack it using a wireless network analysis tool.

Wi-Fi Protected Access (WPA and WPA2)


WPA and WPA2 require users to provide a security key to connect. Once the key
has been validated, all data sent between the computer or device and the access
point is encrypted.
There are two types of WPA authentication: WPA and WPA2. WPA2 is the most
secure. In WPA-Personal and WPA2-Personal, each user is given the same
passphrase. This is the recommended mode for home networks. WPA-Enterprise
and WPA2-Enterprise are designed to be used with an 802.1x authentication server
that distributes different keys to each user. This mode is primarily used in work
networks.

Confidentiality: It helps to keep strangers from eavesdropping on the
network activity.
Integrity: When the wireless network is protected, there's a better chance the
data received or sent hasn't been changed by a hacker.
Trust: There's a greater chance that those on the network have authorized
access and can trust their communications.
