Are WiFi Networks Secure Enough?
It’s always theoretically possible for eavesdroppers to view or “snoop” the traffic on any network and it’s often possible to add or “inject” unwelcome traffic as well. However, some wireless networks are built and managed much more securely than others.
Wireless networks add an extra level of security complexity when compared to wired networks. Whereas wired networks send electrical signals or pulses of light through cable, wireless radio signals propagate through the air and are naturally easier to intercept. Network engineers and other technology experts have closely scrutinized wireless network security because of this open-air nature of wireless communications. The increasing use wireless has exposed the vulnerabilities of WLANs and has, therefore, accelerated the pace of security technology advances in wireless equipment.
Typically, a discussion in wireless security refers to two areas: user authentication, and traffic encryption. User authentication prevents unauthorized users “utilize†network resources or, in other words, reduce the network resources available to authorized users. . Traffic encryption technology prevents unauthorized users to monitor the content of the information going through the wireless communication channels as these links may pass through exterior walls and into nearby places not meant to be part of the WLAN.
The following are some basic steps that are recommended to be taken to secure a wireless enterprise network:
- Turn on encryption. WPA2 encryption should be used if possible. WPA encryption is the next best alternative, and WEP is better than nothing. WPA encryption can provide resistance to man-in-the-middle attacks and rogue AP attacks.
- Change the default password needed to access a wireless device setting default passwords are set by the manufacturer and are known by Hackers.
- Change the default SSID, network Hackers know the default names of the various brands of equipment and continued use of a default name suggests that the network has not been secured.
- Disable file and print sharing if it is not needed.
- Access points should be arranged to provide radio coverage only to the desired service area if possible.
- Divide the wired and wireless portions of the network into different segments, with a firewall in between
These are some of the most recommended security steps in enterprise wireless networks and the best strategy when dealing with security is to always combine a number of security measures and not all wireless systems offer to same “Security Suiteâ€.
For example, there are several security features supported by Altai’s A8 Supper Antenna WiFi Cellular Base Station that will help with when implementing a security strategy, like MAC ID filtering, Static IP addressing and SSID suppression.
Theoretically, hiding the SSID will prevent unauthorized users from finding your network. MAC address filtering will prevent casual users from connecting to your network because the Altai system maintains a list of MAC addresses that are allowed access. By disabling DHCP and assigning static IP addresses to all wireless users, network administrators can minimize the possibility of a hacker obtaining a valid IP address.
Public networks differ from enterprise networks in that the above recommended security steps are not practical to apply to general public users. In order to improve security to wireless users, a more advanced authentication and encryption methodology needs to be used. There are many features provided by the Altai WiFi cellular network system to counteract wireless network intrusions in public networks.
Authentication and Encryption for a public WiFi network, using 802.1x and back-end RADIUS server via a captive portal web page can provide a good level of authentication security, preventing hackers from utilizing the network resources, but this does not prevent hackers from monitoring any unencrypted traffic. AES (WPA2) and TKIP (WPA) can provide encryption to traffic. However, network operators should be aware of the compatibility issues regarding old client devices and the difficulties of setup for novice users. The WPA-PSK encryption method is inappropriate for use in a public network because the pre-shared key needs to be shared amongst all users and therefore each user cannot be uniquely identified.
Multiple SSID and Isolation in the case of a public network where the operator wants to serve different types of users such as free access and paid-services, the Altai WiFi cellular system supports broadcasting multiple SSIDs, allowing the creation of Virtual Access Points (VAP) partitioning a single physical access point into several logical access points, each of which can have a different set of security and network settings. SSID Client Isolation prohibits wireless clients in the same subnet from communicating directly with each other and thereby bypassing the firewall, thus network security will be further increased.
Physical Security. Some access points will revert back to factory default settings (no security at all) when someone pushes the reset button on the access point. This makes the access point a fragile entry point for crackers to extend their reach into the network. Provide adequate physical security for the access point hardware, especially for those deployments in hotspots like coffee shops or restaurant.
Overall, conventional wisdom holds that wireless networks are now “secure enough” to use in the vast majority of homes, and many businesses. Security features like 128-bit WEP and WPA can scramble or “encrypt” network traffic so that communication content can not easily be deciphered by snoopers. Likewise, wireless routers and access points incorporate access control features such as MAC address filtering that deny network requests from unwanted clients.
Risks from hackers are sure to remain with us for any foreseeable future. The challenge for IT personnel will be to keep one step ahead of these security risks and Altai products will help with it.
The ABP Team
