Wireless security basics: Authentication, encryption for access points

Wireless access points can be configured to broadcast the SSID, or name, of the access point, which is usually not necessary. By turning broadcasting off, you stop advertising your network to the world at large. Yes, the SSID is transmitted when a wireless node connects to the wireless network, but this is infrequent in comparison. The SSID should be set to something that does not describe the company to make it tougher for a hacker to know who owns the wireless network.

Wireless security encryption prevents someone from reading data it as it passes through the air, and can be accomplished using Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Extensible Authentication Protocol Transport Level Security (EAP-TLS), or virtual private network software. WEP lacks true authentication and uses a static encryption key that can be obtained with a little time using free software, and provides little protection against persistent eavesdroppers. WPA requires authentication and uses a longer, dynamic encryption key that is less likely to be cracked. WPA does, however, require compatible client hardware and software. EAP-TLS uses digital certificates to authenticate and encrypt the wireless traffic using SSL, but requires a somewhat complex PKI infrastructure.

Radio antennas usuall...

Most radio access points also allow you to restrict network access by the Media Access Control (MAC) address, a hardware address that uniquely identifies each node of a network. But be aware that this can be defeated using a passive wireless sniffer that can capture the MAC address of a device that is allowed on the network. Once acquired, the hacker can spoof his MAC address and is no longer restricted to that level. Restricting MAC addresses does add one more layer that must be compromised, so it's worth considering.

This was a very brief look into some wireless security basics and risks, but it gives you an overall view of the real-world issues you'll undoubtedly face when administering a wireless network and wireless access point security strategy.

About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.

[IMAGE]
[IMAGE]HACKER ATTACK TECHNIQUES AND TACTICS
[IMAGE]
[IMAGE]  Introduction: Hacker attack tactics
[IMAGE]  How to stop hacker theft
[IMAGE]  Hacker system fingerprinting, probing
[IMAGE]  Using network intrusion detection tools
[IMAGE]  Authentication system security weaknesses
[IMAGE]  Improve your access request process
[IMAGE]  Social engineering hacker attack tactics
[IMAGE]  Secure remote access points
[IMAGE]  Securing your Web sever
[IMAGE]  Wireless security basics
[IMAGE]  How to tell if you've been hacked

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Hacker Tools and Techniques: Underground Sites and Hacking Groups,   Information Security Threats,   Wireless Network Security: Setup and Tools,   Wireless LAN Design and Setup,   Enterprise Network Security,   Wireless Network Protocols and Standards,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Hacker Tools and Techniques: Underground Sites and Hacking Groups Russian cybercriminals target H1N1 Swine Flu fears Metasploit Project acquisition ups ante for penetration testing market Successful rogue antivirus hinges on social engineering DEFCON survey suggests hacker community on vacation DoD urges less network anonymity, more PKI use New hacker skills optimize revenue Maturing cybercriminal economy buoyed by business savvy hackers Juniper pulls ATM hacking presentation from Black Hat Botnet platform helps cybercriminals bid for zombie PCs Man pleads guilty in online banking hacking scam Wireless LAN Design and Setup Wireless network guidelines for PCI DSS compliance Best Wireless Security Products How to prevent wireless DoS attacks Lesson 4 quiz: How to use wireless IPS Wireless intrusion prevention systems: Overlay vs. embedded sensors Rogue AP containment methods How to monitor WLAN performance with WIPS The role of VPN in an enterprise wireless network Wireless AP placement basics Lesson 3 quiz: Who goes there? Wireless LAN Design and Setup Research Wireless Network Protocols and Standards Wireless network guidelines for PCI DSS compliance Best Wireless Security Products MMS messaging spoof hack could have global ramifications PCI group releases wireless security guide 802.1X Port Access Control: Which version is best for you? Wireless Security Lunchtime Learning A wireless network vulnerability assessment checklist How to configure VLANs with 802.1X for WLAN authorization Risky Business: Understanding WiFi threats Lesson 1 quiz: Risky business RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary black hat  (SearchSecurity.com) cracker  (SearchSecurity.com) cyberextortion  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) Echelon  (SearchSecurity.com) hacker  (SearchSecurity.com) man in the middle attack  (SearchSecurity.com) van Eck phreaking  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.