Wi-Fi (Wireless Fidelity) – is the standard on the equipment for the broadband radio communication intended for the organization of the local wireless networks (Wireless LAN).
Wireless security should be given special consideration. Because wi-fi is a wireless network and, moreover, with a large range.
Accordingly, an attacker can intercept information, or to attack your network, from a safe distance.
Fortunately there are now many different ways to protect and with proper settings can be sure to provide the necessary level of security.
Encryption protocol that uses an algorithm rather than persistent RC4 on a static key. There are 64, 128, 256, and 512-bit wep encryption. The more bits used to store the key, the more possible key combinations, and therefore higher resistance to cracking the network. Part of the wep key is static (40 bits for a 64-bit), and the other part (24 bits) – dinamic (initialization vector), that is me in the process of the network. The basic protocol vulnerability wep is that the initialization vector is repeated after a period of time and the attacker need only collect these repetitions and calculate for them the static part of the key. To increase security, you can also use a wep encryption standard 802.1x or VPN.
More persistent encryption protocol than wep, although using the same algorithm RC4. A higher level of security is achieved through the use of protocols, TKIP and MIC:
– TKIP (Temporal Key Integrity Protocol). Network protocol dynamic keys that change frequently. In this case, each unit is also assigned a key that is also changing;
– MIC (Message Integrity Check). Verification protocol packet integrity. Prevents the interception of packets and redirect;
– Is also possible to use 802.1x and VPN, as is the case with wep.
There are two types of WPA:
– WPA-PSK (Pre-shared key). For key generation network and to the network using the key phrase. The best option for your home or small office network;
– WPA-802.1x. Log in to the network via an authentication server. Optimal for the network of a large company.
Protocol enhancements WPA. Unlike WPA, uses stronger encryption AES. By analogy with the WPA, WPA2 is also divided into two types: WPA2-PSK, and WPA2-802.1x.
Security standard, which includes several protocols:
– EAP (Extensible Authentication Protocol). Extensible Authentication Protocol. Used in conjunction with a RADIUS server in large networks;
– TLS (Transport Layer Security). Protocol, which ensures the integrity and encryption of data between the server and the client, their mutual authentication to prevent spoofing and interception of messages;
– RADIUS (Remote Authentication Dial-In User Server). Server authentication using login and password.
VPN (Virtual Private Network) – Virtual Private Network. This protocol was originally created for secure client access to the network through the public Internet channels. The principle of VPN – creating so called secure “tunnel” from the user to the access point or server. Although the VPN was originally created not for WI-Fi, it can be used in any type of networks. To encrypt VPN traffic is most commonly used protocol IPSec. It’s up to one hundred percent security. Burglary cases VPN is currently unknown. We recommend the use of this technology for corporate networks.
Additional methods of protection:
– Filtering by MAC address. MAC address – a unique identifier of the device (NIC), “hardwired” into it by the manufacturer. On some equipment may use this function and to allow access to the network of the address. This will create an additional obstacle attackers, though not very serious – MAC address can be replaced;
– Hide SSID. SSID – this is the ID of your wireless network. Most equipment can hide it, so when scanning wi-fi networks, your network will not be visible. But again, it’s not too serious obstacle if an attacker uses a more advanced scanner networks than standard utility in Windows;
– Prevent access to your access point or wireless router via a wireless network.
By enabling this feature, you can prevent access to the access point settings via Wi-fi network, but it will not protect you from data acquisition or from entering your network.
It should be remembered that the incorrect configuration of equipment that supports even the most advanced security technology will not provide the proper level of security to your network. Each standard has additional technology and configuration to improve security. Therefore, we recommend setting trust Wi-Fi equipment to professionals.