* Wireless LAN networks provide freedom of movement, but also require you to address security issues that are not as prevalent on a private cabling system for a wired LAN technology suck as Ethernet
* The main security issues =
- authentication of wireless clients
- confidentiality
- data integrity of wireless LAN frames.
That have 2 authentication on IEEE 802.11 Standard (WEP)
1. Open system authentication does not provide authentication. It provides identification using the wireless adapter's MAC address. Open system authentication is used when no authentication is required . (Free Access)
Process Open system authentication is
The authentication-initiating wireless client sends an IEEE 802.11 authentication management frame that contains its identity.
The receiving wireless AP checks the initiating station's identity and sends back an authentication verification frame.
2. Shared key authentication is not secure and is not recommended for use. It verifies that an authentication-initiating station has knowledge of a shared secret. This is similar to preshared key authentication for Internet Protocol security (IPSec). The 802.11 standard currently assumes that the shared secret is delivered to the participating wireless clients by means of a more secure channel that is independent of IEEE 802.11. In practice, a user manually types this secret for the wireless AP and the wireless client.
Shared key Process is
The authentication-initiating wireless client sends a frame consisting of an identity assertion and a request for authentication.
The authenticating wireless node responds to the authentication-initiating wireless node with challenge text.
The authentication-initiating wireless node replies to the authenticating wireless node with the challenge text that is encrypted using WEP and an encryption key that is derived from the shared key authentication secret.
The authentication result is positive if the authenticating wireless node determines that the decrypted challenge text matches the challenge text originally sent in the second frame. The authenticating wireless node sends the authentication result.
This is recommended for campuses.
Authentication with IEEE 802.1X (WPA,WPA2)
*Elements of 802.1X
- port access entity
- Authenticator
- Supplicant
- Authentication Server
EAP (Extensible Authentication Protocol) Overview
- EAP Over RADIUS (server)
- IEEE 802.1X Authentication Process for EAP-TLS Process for EAP(Extensible Authentication Protocol)-TLS
Conclusion if u wanna get a full security on your wireless use WPA2, because this design for enterprise network and required a radius (server) authentication. but this setup is more complicated but provided additional security (Protection against dictionary attack)
For SEtup your Router security ,u may check your ip from ipconfig
( Click Ctrl + R (Run) > cmd > ipconfig )
Copy your Default Gateway n paste into your Web Browser address,then it will brought your to setup your router ...Just change your security from WEP to WPA for a higher security protection...