28 Discuss the security standards for Wireless Networks.
The need for security in wireless communications is unchallenged. These networks require different protocols to deal with security concerns than those available for wired networks. Access control, authentication, authorization and encryption form a part of these standards as much as they form a part of wired networks. The security standards that are of concern for an administrator handling wireless networks are:
Wired Equivalent Privacy (WEP): This can be regarded as the first step toward securing wireless networks. It was designed to be a security protocol that is simple to configure and implement, and it was expected to deliver the same standard of security for wireless networks as for wired networks. It was introduced by IEEE in 1997 for securing 802.11 networks. It works by encrypting the data from the files that are being sent and received. Each data packet is passed through an encryption algorithm known as RC4, which is combined with a 40 bit key. The key was later raised to a 128 bit key, making the system more secure. While the data travels through the airwaves it is scrambled. At the receiving end the data passes through RC4 backward, so that the data is received as intended by the host. At the time the WEP security standards were specified, security was not a priority. The security tool was easy to crack, leading to the opinion that wireless communication cannot be trusted.
There are two kinds of WEP security:
- Static: This form continues to use the same security key.
- Dynamic: In this form, the security key is dynamically changed, making it more secure than the static security.
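The RC4 round trip and the static-versus-dynamic key difference described above, as an added example that is not part of the original page. The 3-byte per-packet IV prepended to the key is how 802.11 WEP seeds RC4 and is not described on this page; WEP's integrity check value is left out, and all keys and packets are constructed sample values.

```python
def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """XOR data with RC4(iv || key); the same call encrypts and decrypts."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("expected a 3-byte IV and a 5- or 13-byte key")
    return xor(data, rc4_keystream(iv + key, len(data)))


# Constructed sample values, not taken from any real network.
STATIC_KEY = bytes.fromhex("0102030405")       # 40 bit key
ROTATED_KEY = bytes.fromhex("a1b2c3d4e5")      # key after a dynamic change
IV = bytes.fromhex("000001")
P1 = b"packet one: hello"
P2 = b"packet two: world"


def demo() -> dict:
    c1 = wep_crypt(STATIC_KEY, IV, P1)
    c2 = wep_crypt(STATIC_KEY, IV, P2)         # same key and IV: same keystream
    c3 = wep_crypt(ROTATED_KEY, IV, P2)        # key changed: new keystream
    return {
        "roundtrip_ok": wep_crypt(STATIC_KEY, IV, c1) == P1,
        # With a reused keystream the ciphertexts reveal P1 XOR P2.
        "static_key_leaks_xor": xor(c1, c2) == xor(P1, P2),
        "rotated_key_leaks_xor": xor(c1, c3) == xor(P1, P2),
    }
```

With a static key the only thing that varies between packets is the short IV, so keystreams repeat and the relationship between plaintexts becomes visible in the ciphertexts; changing the key removes that relationship.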
Wi-Fi Protected Access (WPA): To enhance the utility of wireless technology, it was essential that the security concerns be satisfied. It was necessary to increase confidence and make wireless communication suitable for confidential data. In response to these security demands, the Wi-Fi Protected Access (WPA) standards were prescribed. WPA dealt with two issues proactively:
- Enhanced Data Encryption: WPA uses the Temporal Key Integrity Protocol (TKIP). The encryption keys are scrambled using a hashing algorithm. An integrity key is issued that checks for any tampering with or modification of the data during transit.
- Authentication: This standard performs authentication using the Extensible Authentication Protocol (EAP). Access to wireless networks is regulated based on the computer's hardware-specific MAC address. MAC addresses are prone to theft. The EAP system works through a public key encryption system, ensuring access to authorized network users.
Temporal Key Integrity Protocol (TKIP): One of the protocols developed to deal with the shortcomings of WEP was TKIP. It is defined in IEEE 802.11i. This encryption-based protocol not only ensured greater security, but also enabled the existing hardware to be upgraded to TKIP encryption. The protocol revolves around the original WEP standards but adds additional code at both ends of the packet. The original code is modified by the additional code for a higher level of security. Just like WEP, it also uses RC4 stream encryption, but the level of encryption is much higher. It is ideal for nonsensitive data and home users.
802.1X: This is an IEEE standard that specifies port-based network access control. It works well for both wired and wireless networks. The protocol uses the characteristics of a switched local area network infrastructure to authenticate devices attached to a LAN port. If authentication fails, access is not permitted. It comprises three main components:
- Supplicant: Supplicant is the system or node from which the request for access and authentication is issued;
- Authenticator: Authenticator is the control mechanism. It allows or denies traffic to pass through a port;
- Authentication Server: Validation of the credentials of the supplicant is done by the authentication server.
When a port-based network access control interaction is undertaken, a LAN port can adopt either of two roles:
- Authenticator: In this role, authentication is enforced by the LAN port before access is allowed to the services available through the port.
- Supplicant: In this role, the LAN port requests access to the services that can be accessed through the authenticator's port.
RADIUS: The acronym stands for Remote Authentication Dial-In User Service. It is a protocol that takes care of authentication, authorization and auditing. A single server takes responsibility for all three functions. It works as a client/server system.
In this protocol, a remote user dials in to a remote access server; this remote access server, or NAS (Network Access Server), acts as a RADIUS client. The processes of authentication, authorization and auditing are performed by the server and the information is returned to the RADIUS client. Based on the information that is received, the connection is either formed or rejected.
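How an 802.1X authenticator acting as a RADIUS client can decide whether to open a port from the server's reply, as an added example that is not part of the original page. The packet layout and the MD5 Response Authenticator follow RFC 2865, which this page does not detail; the shared secret, identifier and attribute values are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3            # RADIUS reply codes (RFC 2865)
HEADER_LEN = 20                                # code, id, length, authenticator


def build_response(code: int, ident: int, request_auth: bytes,
                   attrs: bytes, secret: bytes) -> bytes:
    """Server side: sign the reply with
    MD5(code | id | length | RequestAuthenticator | attributes | secret)."""
    head = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs


def port_authorized(reply: bytes, ident: int, request_auth: bytes,
                    secret: bytes) -> bool:
    """Authenticator side: open the port only for a verified Access-Accept."""
    if len(reply) < HEADER_LEN:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length < HEADER_LEN or length > len(reply):
        return False                           # wrong exchange or truncated
    reply = reply[:length]                     # trailing octets are padding
    expected = hashlib.md5(
        reply[:4] + request_auth + reply[HEADER_LEN:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:HEADER_LEN]):
        return False                           # not signed with our secret
    return code == ACCESS_ACCEPT


# Constructed sample values for the demonstration.
SECRET = b"constructed-shared-secret"
IDENT = 7
REQ_AUTH = bytes(range(16))                    # a real client uses random bytes
MSG = b"welcome"
ATTRS = bytes([18, 2 + len(MSG)]) + MSG        # attribute 18 = Reply-Message


def demo() -> dict:
    accept = build_response(ACCESS_ACCEPT, IDENT, REQ_AUTH, ATTRS, SECRET)
    reject = build_response(ACCESS_REJECT, IDENT, REQ_AUTH, b"", SECRET)
    forged = bytes([ACCESS_ACCEPT]) + reject[1:]   # code byte altered in transit
    return {name: port_authorized(pkt, IDENT, REQ_AUTH, SECRET)
            for name, pkt in (("accept", accept), ("reject", reject),
                              ("forged", forged))}
```

The port stays closed for a reject, for a reply whose code was altered after signing, and for any reply that does not match the outstanding request.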