
Wireless security basics: Authentication, encryption for access points

This section of our hacker techniques and tactics series focuses on implementing wireless security basics to prevent hacker compromise.

Casually driving through a local business park, I noticed about 15 wireless access points broadcasting their presence to the public, several of which required no authentication to access the company's network. If you've turned on your laptop with a wireless NIC and driven around a city much, this is no big surprise. To keep your wireless network secure from war-drivers looking for access points, it's important to enhance wireless access point security with basics such as authentication and encryption.

Wireless access points can be configured to broadcast the SSID, or name, of the access point, which is usually not necessary. By turning broadcasting off, you stop advertising your network to the world at large. Yes, the SSID is transmitted when a wireless node connects to the wireless network, but this is infrequent in comparison. The SSID should be set to something that does not describe the company to make it tougher for a hacker to know who owns the wireless network.

Wireless security encryption prevents someone from reading data as it passes through the air, and can be accomplished using Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Extensible Authentication Protocol Transport Level Security (EAP-TLS), or virtual private network software. WEP lacks true authentication and uses a static encryption key that can be obtained with a little time using free software, so it provides little protection against persistent eavesdroppers. WPA requires authentication and uses a longer, dynamic encryption key that is less likely to be cracked. WPA does, however, require compatible client hardware and software. EAP-TLS uses digital certificates to authenticate and encrypt the wireless traffic using SSL, but requires a somewhat complex PKI infrastructure.

Radio antennas usually have power settings that will allow the signal's transmission strength to be adjusted. It's best to tune your antennas so that they just cover the areas where wireless access is needed and not the parking lot where drive-by hackers like to reside.

Most radio access points also allow you to restrict network access by the Media Access Control (MAC) address, a hardware address that uniquely identifies each node of a network. But be aware that this can be defeated using a passive wireless sniffer that can capture the MAC address of a device that is allowed on the network. Once acquired, the hacker can spoof his MAC address and is no longer restricted to that level. Restricting MAC addresses does add one more layer that must be compromised, so it's worth considering.
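One way to turn the measures above into a repeatable check, as an added example that is not part of the original article: a short audit of a site survey against the encryption, SSID, MAC restriction and signal coverage advice. The record fields, severity labels, the -80 dBm outside-signal limit and the sample survey are all assumptions made for illustration.

```python
# Added example: audit a wireless site survey against the article's checklist.
# Field names, severities, the dBm limit and the sample data are constructed.
from typing import NamedTuple

# Settings the article describes as giving little or no protection.
WEAK = {"none": "no authentication or encryption; anyone in range can join",
        "wep": "WEP uses a static key that free software can recover"}
ACCEPTED = {"wpa", "eap-tls", "vpn"}

class AccessPoint(NamedTuple):
    ssid: str
    encryption: str          # "none", "wep", "wpa", "eap-tls" or "vpn"
    broadcasts_ssid: bool
    mac_filter: bool
    outside_signal_dbm: int  # strongest reading taken outside the building

def audit(ap, org_keywords, outside_limit_dbm=-80):
    """Return a list of (severity, message) findings for one access point."""
    findings = []
    enc = ap.encryption.lower()
    if enc in WEAK:
        findings.append(("high", WEAK[enc]))
    elif enc not in ACCEPTED:
        findings.append(("high", f"unknown encryption setting {ap.encryption!r}"))
    if ap.broadcasts_ssid:
        findings.append(("low", "SSID broadcast is on"))
    hits = [k for k in org_keywords if k.lower() in ap.ssid.lower()]
    if hits:
        findings.append(("medium", f"SSID names the owner: {', '.join(hits)}"))
    if not ap.mac_filter:
        findings.append(("low", "no MAC address restriction"))
    if ap.outside_signal_dbm > outside_limit_dbm:
        findings.append(("medium", f"signal outside is {ap.outside_signal_dbm} dBm; "
                                   "reduce transmit power"))
    return findings

SURVEY = [  # constructed sample data
    AccessPoint("ExampleCorp-Guest", "none", True, False, -55),
    AccessPoint("warehouse2", "WEP", False, True, -70),
    AccessPoint("ap-7f3", "wpa", False, True, -88),
]

def report(survey=SURVEY, org_keywords=("examplecorp",)):
    """Map each SSID in the survey to its list of findings."""
    return {ap.ssid: audit(ap, org_keywords) for ap in survey}

if __name__ == "__main__":
    for ssid, findings in report().items():
        print(ssid, "->", findings or "ok")
```

An access point with an empty findings list meets every item on the checklist; MAC restriction is scored low because, as noted above, it is only one more layer and can be bypassed.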

This was a very brief look into some wireless security basics and risks, but it gives you an overall view of the real-world issues you'll undoubtedly face when administering a wireless network and wireless access point security strategy.

About the author
Vernon Haberstetzer, president of security seminar and consulting company, has seven years of in-the-trenches security experience in healthcare and retail environments.



This was last published in March 2005
