
Wi-Fi wireless network security (802.11 or WiFi)

Adapted infrastructure

The first thing to do when a wireless network is installed is to place the access points in reasonable locations depending on the desired area of coverage. However, it is not uncommon to find that the covered area ends up being larger than desired, in which case it is possible to reduce the access point's signal strength so that its broadcast range matches the coverage area.

Avoid using default values

When an access point is first installed, it is configured to certain default values, including the administrator's password. Many novice administrators think that once the network is operational, there is no point in changing the access point's configuration. However, the default settings offer only a minimal level of security. For this reason, it is vital to log in to the administration interface (generally via a web interface or by using a particular port on the access terminal), especially to set an administrative password.

What's more, in order to connect to an access point, it is necessary to know the network identifier (SSID). This is why it is strongly recommended to change the default name of the network and to deactivate broadcasting the name on the network. Changing the default network identifier is all the more important because it can, if left unaltered, give hackers information on the brand or model of the access point being used.

Filtering MAC addresses

Every network adapter (the generic term for a network card) has its own physical address (called a MAC address). This address is represented by 12 digits in hexadecimal format, split up into two-digit groups separated by dashes.

The configuration interfaces of access points generally allow them to keep a list of access permissions (called the ACL, for Access Control List) based on the MAC addresses of the devices authorised to connect to the wireless network.

This somewhat restrictive precaution allows the network to limit access to a certain number of machines. However, this does not solve the problem of securing data transfers.

WEP - Wired Equivalent Privacy

To solve transfer security issues on wireless networks, the 802.11 standard includes a simple data encryption mechanism called WEP (Wired Equivalent Privacy).

WEP is an 802.11 data frame encryption protocol that uses the symmetrical algorithm RC4 with 64-bit or 128-bit keys. The concept of WEP involves setting a secret 40-bit or 128-bit key ahead of time. This secret key must be declared on both the access point and the client machines. The key is used to create a pseudo-random number of the same length as the data frame. Each data transmission is encrypted this way, by using the pseudo-random number as a "mask"; an "Exclusive OR" operation is used to combine the frame and the pseudo-random number into an enciphered datastream.

The session key shared by all stations is static, which means that to deploy a large number of WiFi stations, they must be configured using the same session key. Therefore, knowing the key is all that is needed to decrypt the signals.

Furthermore, 24 bits of the key are used only for initialisation, which means that only 40 bits of a 64-bit key, or 104 bits of a 128-bit key, are actually used for encryption.
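The WEP encapsulation described above, as an added example (not code from the original page): RC4 is seeded with the 24-bit initialisation vector followed by the shared secret, and the resulting stream is XORed over the frame. Assumptions: the key, IV and payload are constructed sample values, the 802.11 header and key-ID byte are omitted, and the CRC-32 integrity value that WEP appends to the payload is included although the page does not mention it.

```python
import struct
import zlib

IV_LEN = 3  # 24-bit initialisation vector, sent unencrypted with every frame

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling over `seed`, then `length` bytes of pseudo-random output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def _icv(payload: bytes) -> bytes:
    """CRC-32 of the payload, little-endian (the WEP integrity check value)."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV (in clear) followed by (payload + ICV) XOR keystream."""
    if len(secret) not in (5, 13) or len(iv) != IV_LEN:
        raise ValueError("WEP uses a 5- or 13-byte secret and a 3-byte IV")
    body = payload + _icv(payload)
    mask = rc4_keystream(iv + secret, len(body))  # per-frame seed: IV || secret
    return iv + bytes(a ^ b for a, b in zip(body, mask))

def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Rebuild the keystream from the frame's clear IV and the shared secret."""
    iv, cipher = frame[:IV_LEN], frame[IV_LEN:]
    if len(cipher) < 4:
        raise ValueError("frame too short to hold an ICV")
    mask = rc4_keystream(iv + secret, len(cipher))
    body = bytes(a ^ b for a, b in zip(cipher, mask))
    if _icv(body[:-4]) != body[-4:]:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return body[:-4]

def secret_bits(advertised_bits: int) -> int:
    """Bits of the advertised key length that are actually secret."""
    return advertised_bits - 8 * IV_LEN

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"  # constructed 40-bit secret shared by all stations
    frame = wep_encrypt(key, b"\x00\x00\x01", b"constructed payload")
    print(frame.hex(), wep_decrypt(key, frame), secret_bits(64), secret_bits(128))
```

Because the secret is static and identical on every station, any device configured with it recovers the payload of any frame, which is the behaviour `wep_decrypt` shows.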

For a 40-bit key, a brute force attack (which tries all possible keys) can quickly lead a hacker to the session key. Also, a flaw detected by Fluhrer, Mantin and Shamir in the generation of the pseudo-random stream makes it possible for the session key to be discovered by storing and analysing 100 MB to 1 GB of traffic.

Therefore, WEP is insufficient for actually ensuring data privacy. Nevertheless, it is strongly recommended to use at least a 128-bit WEP key to ensure a minimum level of privacy. This can reduce the risk of intrusion by 90%.

Improve authentication

To manage authentication, authorisation, and accounting (AAA for short) more effectively, a RADIUS server (Remote Authentication Dial-In User Service) may be used. The RADIUS protocol (defined by RFCs 2865 and 2866) is a client/server system which lets user accounts and related access permissions be centrally managed.

Setting up a VPN

For all communications which require a high level of security, it is better to use strong encryption of data by installing a virtual private network (VPN).

Last update on Thursday October 16, 2008 02:43:15 PM.

This document entitled « Wi-Fi wireless network security (802.11 or WiFi) » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the licence, as long as this note appears clearly.