Wireless Local Area Networks and Security Mechanisms Essay Example

a small wireless workgroup without an access point, while infrastructure mode incorporates wireless clients into an existing LAN infrastructure (Netgear, 2014). Both modes consist of access points and wireless clients as key components.

A wireless access point is used to connect wireless clients to a wired LAN, without merging two networks. Figure 2 displays the basic WLAN topology featuring a Wireless Access Point (WAP). The diagram depicts an access point linked to the wired LAN, alongside wireless clients on the same subnet as the access point. Depending on the chosen technology, one access point can accommodate multiple wireless clients. Security for access points necessitates specific considerations. Unlike traditional wired networks that rely on physical security measures, anyone within range of an access point can join the network without a password. Moreover, if a hacker manages to bypass the password security, they can intercept data transmitted over the wireless network. Various security solutions exist to address these concerns.

A wireless client refers to any device, including desktops, laptops, tablets, or mobile phones, that is equipped with a wireless network interface card (NIC). This NIC enables the device to establish communication with an access point. In order for this communication to occur, the client must be configured with the identical SSID as the access point. The SSID, also known as the network name, is a case-sensitive alphanumeric string that can have a maximum length of 32 characters. Numerous access points automatically broadcast their SSID by default in order to notify nearby wireless clients.

The security of wireless networks is a significant concern because radio waves can extend beyond their intended range, allowing unauthorized users to connect and intercept data. This

section will cover various security measures for wireless networking, such as SSID broadcasting, MAC address filtering, Wired Equivalent Privacy (WEP), and Wi-Fi Protected Access (WPA).

It is common for an access point to broadcast itself to wireless clients in its radius, allowing clients to see available access points and choose which one to join. Disabling SSID broadcasting makes it harder to identify access points but requires clients to manually enter the SSID. This is the simplest security measure but provides little protection against intrusion.

MAC (Media Access Control) Address Filtering is a common security feature found on access points. This method involves using the 48-bit address assigned to each network interface card (NIC) and categorizing them into either a whitelist or blacklist (Cisco, 2008). However, it is important to note that a MAC address represents a device, not an individual. Therefore, in order for a client to use the network, an authorized administrator must whitelist or blacklist the MAC address for each device. The process of specifying approved and rejected MAC addresses can be managed through the administrator page of the access point [Figure 3]. Although this security measure may work well for small home use, businesses find it impractical due to the need for manual addition of each address, resulting in significant overhead. It is insufficient to rely solely on this security feature as individuals can easily "spoof" their MAC address to impersonate another device (InfoExpress, 2017).

The privacy component of the original 802.11 specification is the IEEE 802.11 WEP protocol, introduced in 1997. Its purpose is to provide confidentiality similar to wired networks. WEP authentication and data encryption utilize two types of shared secret keys (40-bit

and 104-bit). These keys, combined with a 24-bit Initialization vector (IV), create the total encryption key used for message decryption by both client and server.

For the 40-bit shared key, the encryption key length is 64-bit, while it is 128-bit for the 104-bit shared key. Key management algorithm is not included in the WEP protocol; instead, it assumes that both access point and client have agreed upon the shared key through another method.

The creation of new IVs is not standardized in the original 802.11 specification and depends on the chosen algorithm. However, each sent message can have a different IV component of the encryption key. The IV component is transmitted as clear text along with the encrypted message (cipher text), allowing recipients to generate a new encryption key using it (refer to figure 4 for an overview). Unfortunately, intercepted packets containing clear text IVs could potentially grant unauthorized users access to a portion of the encryption key and consequently gain access to sensitive data.

WEP has two authentication modes: Open System and Shared Key. The Open System mode does not require a key for authentication, so the client is always authenticated and matching configurations are not necessary. Figure 5 illustrates the process of Open System authentication (Qnx, 2017).

The procedure for authentication in Open System mode is described by Kurose et al. (2013):

The authentication process in the Shared Key method requires an encryption key. Unlike the Open System mode, both the client and access point must have the same authentication configuration. Figure 6 below shows a visual representation of the Shared Key authentication mode.

The given text does not contain any specific content between the . The tags

and

are typically used to define a paragraph in HTML markup. Therefore, without any specific content, it cannot beor unified.

The steps for using Shared Key Authentication are as follows (Kurose et al, 2013):

Initially, WEP served its intended purpose; however, as technology advanced, the security flaws of the WEP protocol became apparent. The protocol has three major issues that compromise wireless network security: distributing the shared key to every user on the network is challenging; the encryption key size is only 40-bit or 104-bit, leaving it vulnerable to hacking with open source software. As a result of these vulnerabilities, WEP was deprecated in 2004 and replaced by the more reliable and robust security services provided by WPA and WPA2.

Introduced in 2004, the 802.11i WPA2 protocol was an upgrade from the intermediate WPA and original WEP protocols. It enhances security by implementing the 4-way handshake and group key handshake protocols. These protocols utilize authentication and port access services within WPA2 to establish and modify encryption keys (IEEE, 2004).

Include a text here

The four-way handshake is an authentication process between an access point and a client. It serves as a method for both parties to verify their knowledge of the Pairwise Master Key (PMK) without revealing any part of the key, thus providing greater security compared to WEP. Although the process of sending encrypted messages is based on the WEP protocol, successfully decrypting the message confirms their familiarity with the PMK (Chaudhary, 2014). This process is crucial for safeguarding the PMK from malicious users. Even if an attacker's network id (SSID) impersonated a genuine access point, the PMK would remain undisclosed.

The text within the

tags should beand

unified while keeping the tags and their contents intact.

Within the specified sections, there are multiple elements related to wireless networking and wireless security. The primary focus is on operational security, which includes three subcomponents: firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). These systems provide an extra level of protection for preventing, detecting, and resolving security issues.

The purpose of a firewall is to create a barrier between an organization's internal network and the internet, using both software and hardware components. It controls the flow of packets by permitting some to pass through while blocking others based on specific criteria. Boudriga (2010) explains that this is done by analyzing the header fields of each packet. To better understand its placement within a networking infrastructure, refer to Figure 8 for a visual representation of where a physical firewall is positioned.

Firewalls can be classified as network firewalls or host-based firewalls (Vacca, 2009). A network firewall manages the traffic between multiple networks and can be in the form of a software application or a standalone physical device. In contrast, a host-based firewall only regulates the traffic for a single machine (PersonalFirewall, 2017). Regardless of the type, both firewalls employ a set of predetermined rules that are determined by an administrator using either built-in or third-party software (see figure 9).

Utilizing a firewall is essential for enhancing security for individual computers and networks. Firewalls offer various benefits such as enforcing security policies for an organization's infrastructure, restricting access to specific services, eliminating the need to compromise between usability and security, and enabling administrators to monitor network traffic. However, firewalls also have limitations, including their ability to only

regulate traffic passing through them, inability to protect approved items, and incapacity to guard against internal network-related issues.

Intrusion Detection Systems (IDS) are a type of network and system monitoring method. They can be in the form of either a device or software application that detects malicious activity and violations of policies (Kurose, 2013). The detected information is logged and managed by specific software. IDS systems can be classified into two categories, which are signature-based and anomaly-based.

A signature-based IDS maintains a database of known attack signatures. Each signature is a set of rules containing information about a known packet, such as port numbers, protocol types, and bit strings. Signatures are typically created by network security engineers but can be customized and expanded. However, signature-based IDS systems have limitations. They require prior knowledge of the attack to generate an accurate signature. In contrast, an anomaly-based IDS creates a traffic profile by observing normal operation and identifying statistically unusual packets. Anomaly-based IDS systems have one major advantage in that they can potentially detect new attacks without relying on previous knowledge. However, distinguishing between normal traffic and simply unusual traffic is a highly challenging task.

The reviewed literature concludes that wireless networking has gained popularity and advanced as a technology. However, it also poses security challenges compared to traditional wired connectivity. Due to the usage of electromagnetic waves for data transfer, unauthorized access to exchanged data between a client and access point is possible. Therefore, implementing secure measures such as encrypted authentication and data transfer along with additional layers like firewalls and intrusion detection/prevention systems are necessary. It is crucial to utilize new technologies and updated standards for ensuring optimal

security in wireless networking.

Al Tamimi, A. (2006) has authored a survey paper titled "Security in Wireless Data Networks." The paper can be accessed online at Cs.wustl.edu:
http://www.cs.wustl.edu/~jain/cse574-06/ftp/wireless_security/index.html.

The book "Security of mobile communications" by Boudriga, N. and Boudriga, N. (2010) is available from CRC Press in Boca Raton.

Beal (2017) defines the Service Set Identifier (SSID) as a unique identifier for a wireless network in the field of technology. The full definition can be found at http://www.webopedia.com/TERM/S/SSID.html.

The Network Virtualization–Access Control Design Guide from Cisco is available online at http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/AccContr.html.

Cisco offers a guide on the various authentication options available for wireless devices. You can find this guide at this online link.

Farshchi (2003) identifies the main elements of a wireless policy in the second section of an article titled "Wireless Network Policy Development," published by Symantec Corp on October 10, 2003. To access the article, visit: http://www.securityfocus.com/printable/infocus/1735.The text discusses a standard from 1997 titled "IEEE Standard for Information Technology- Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks-Specific Requirements-Part 11." The publication place and publisher are not mentioned.

IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements (pdf), IEEE Standards

The primary focus of the 2017 ebook published by Intel is on the Intel Wireless Ethernet LAN (WLAN). For more information, you can visit http://www.intel.com/content/dam/www/public/us/en/documents/faqs/wireless-ethernet-lan-faq1.pdf.

The article titled "Detecting and Preventing MAC Spoofing" by InfoExpress (2017) can be found online.

Kurose and Ross (2013) wrote the book Computer networking which was published by Pearson in Boston.

In his book, "Wireless Internet Service: An Introduction," Mitchell, B. provides an overview of wireless internet service.

The link provided is from Microsoft's website and it contains information about how 802.11

wireless works.The text provides information about Netgear's wireless access points from 2014 and includes a hyperlink to additional online resources at the specified URL.

Netgear offers guidance on setting up Access Control or MAC Filtering for Smart Wizard routers. The instructions can be found on the NETGEAR Support website at https://kb.netgear.com/13112/How-to-configure-Access-Control-or-MAC-Filtering-Smart-Wizard-routers?cid=wmt_netgear_organic.

The webpage titled "WEP Open System Authentication" by Netgear can be found online at http://documentation.netgear.com/reference/nld/wireless/WirelessNetworkingBasics-3-08.html.

The article titled "The six dumbest ways to secure a wireless LAN" by G. Ou (2005) is available on ZDNet's website at http://www.zdnet.com/article/the-six-dumbest-ways-to-secure-a-wireless-lan/.

O'Brien, J. & Marakas, G.M. (2008) Management Information Systems

The website of PersonalFirewall provides information on what a firewall is and how it protects computers. The link to the website is https://personalfirewall.comodo.com/what-is-firewall.html.The website Qnx.com provides assistance through their QNX SDP 6.6 Documentation, which can be accessed at http://www.qnx.com/developers/docs/660/index.jsp?topic=%2Fcom.qnx.doc.core_networking%2Ftopic%2Fwpa_background_Connecting_WEP.html.

The article "Wireless LAN Deployment and Security Basics" by Schenk, R. Garcia, A. Iwanchuk, R. was published in 2001 on ExtremeTech.com. It discusses the deployment and security aspects of Wireless LANs. The article can be accessed at the following URL: http://www.extremetech.com/article2/0,3973,1073,00.asp.

Sheridan (2017) has developed a resource on their website to enhance client printing services. To access this resource, visit https://it.sheridancollege.ca/service-catalogue/printing/printing-optimization.html.

The source of the information is an online article on Kali Linux Hacking Tutorials titled "Hack WPA/WPA2 PSK Capturing the Handshake" written by S. Chaudhary in 2014, which can be found at http://www.kalitutorials.net/2014/06/hack-wpa-2-psk-capturing-handshake.html.The book "Computer and information security handbook" written by J. Vacca in 2009 is published by Elsevier in Amsterdam.

Wallace, K. (2011). CompTIA Network+ Cert Guide: Connecting Wirelessly | Foundation Topics | Pearson IT Certification. [online] Pearsonitcertification.com. [Accessed 2021]. Available at: http://www.pearsonitcertification.com/articles/article.aspx?p=1773082

The 2007 release of the NIST

guide titled "Guide to Intrusion Detection and Prevention Systems (IDPS)" is accessible in PDF format.