Wi-Fi Security: Which solution to choose?

Security is a very important issue, and businesses are especially concerned about it. It is also the reason many businesses hesitate to install wireless local area networks (wireless LANs). They are worried about the security of WEP (Wired Equivalent Privacy) and are interested in newer, safer alternatives.

The IEEE and the Wi-Fi Alliance developed more secure solutions: Wi-Fi Protected Access (WPA) and IEEE 802.11i (also known as "WPA2 Certified" under the Wi-Fi Alliance). Another solution, called VPN Fix, also enhances wireless network security.

According to Webtorial, WPA and 802.11i account for 29% and 22% of use respectively. On the other hand, 42% use other "situational solutions", such as securing the wireless LAN with a virtual private network (VPN).

So, which security solution should we choose for wireless networks?

WEP: Security is too weak

WEP (Wired Equivalent Privacy) means security equivalent to that of a wired network. In fact, WEP combines user authentication and data security in the same insecure method. WEP uses a static 64-bit or 128-bit encryption key (24 of those bits are the initialization vector, so the actual key length is only 40 bits or 104 bits). The same key is used both to authenticate devices that are allowed to access the network and to encrypt data in transit.

Quite simply, these encryption keys are easily "cracked" by brute force and trial and error. Free software such as Airsnort or WEPCrack allows hackers to break the encryption key once they have collected 5 to 10 million packets on a wireless network. 128-bit encryption keys are no better: 24 bits go to the initialization vector, so only 104 bits are used for encryption, and because the method is the same as with 64-bit keys, 128-bit encryption is cracked just as easily. In addition, weaknesses in the initialization vectors make it possible for a hacker to find the password more quickly with much less information.

Despite the flaws in its encryption keys, WEP can be made more secure by using an authentication protocol that provides a new encryption key for each session. Because the encryption key changes per session, it is harder for a hacker to collect all the data packets needed to crack the key.
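The keying scheme described above, as an added example that is not part of the original article: WEP builds each packet's RC4 key from the 24-bit initialization vector followed by the static secret, so a repeated IV under the same secret repeats the keystream, while a new per-session secret does not. The secrets, IV and messages are constructed sample values, and WEP's CRC-32 integrity value is left out.

```python
import math

IV_BYTES = 3  # 24-bit initialization vector, sent in the clear with each packet

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4, the stream cipher WEP uses: key scheduling, then n output bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key = IV || static secret (40 or 104 bits)."""
    if len(iv) != IV_BYTES or len(secret) not in (5, 13):
        raise ValueError("WEP needs a 3-byte IV and a 5- or 13-byte secret")
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def packets_until_iv_repeat(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday estimate: packets with random IVs before a repeat is likely."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - prob))))

# Constructed sample values, not captured traffic.
STATIC_SECRET = bytes.fromhex("0102030405")   # 40-bit key shared by every station
SESSION_SECRET = bytes.fromhex("a1b2c3d4e5")  # key issued for one session only
IV = bytes.fromhex("00002a")
P1, P2 = b"GET /index.html ", b"user=alice&x=1  "

def keystream_reused(secret_a: bytes, secret_b: bytes) -> bool:
    """True when two packets with the same IV were masked by the same keystream."""
    c1, c2 = wep_encrypt(IV, secret_a, P1), wep_encrypt(IV, secret_b, P2)
    return xor(c1, c2) == xor(P1, P2)  # keystream cancels out of c1 XOR c2

if __name__ == "__main__":
    print("static key, repeated IV ->", keystream_reused(STATIC_SECRET, STATIC_SECRET))
    print("new session key, same IV ->", keystream_reused(STATIC_SECRET, SESSION_SECRET))
    print("packets until a random IV likely repeats:", packets_until_iv_repeat())
```

With randomly chosen IVs, a repeat becomes likely after only a few thousand packets, which is why a key that never changes is the core problem and a fresh key per session limits the damage.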

Bad solution: VPN (Virtual Private Network) Fix

Realizing WEP's weaknesses, business users have discovered an effective way to protect their WLAN wireless networks, called VPN Fix. The basic idea of this approach is to treat WLAN users as remote access service users.

In this configuration, all WLAN access points, and the computers connected to them, are placed in a virtual LAN (VLAN). Within the security infrastructure, these devices are treated as "untrusted". Before any WLAN device can connect, it has to get permission from the LAN's security component. The device's data and its connection have to pass through an authentication server such as RADIUS. The connection is then established as a secure tunnel encrypted by a security protocol such as IPSec, the same as when using remote access services over the Internet.

However, this solution is not perfect either. VPN Fix puts more VPN traffic through the firewall and requires setup procedures to be created for each user. Moreover, IPSec is not supported on many special-purpose devices such as handheld devices and barcode scanners. Finally, from a network architecture point of view, a VPN-based configuration is only a temporary solution, not one that is integrated with the WLAN.

Security solution by authentication

Since security flaws in wireless LANs were discovered, the industry has spent a lot of effort solving the problem. One thing to keep in mind is that two issues have to be addressed: authentication and information security. Authentication ensures that only legitimate users can access the network. Security keeps transmitted data safe from being stolen over the air.

One of the advantages of authentication is that IEEE 802.1x uses the Extensible Authentication Protocol (EAP). EAP is a really good base for authentication and can be used with a few other authentication protocols. Those protocols include MD5, Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected EAP (PEAP), and Cisco's Lightweight EAP (LEAP).

Fortunately, the choice of authentication protocol depends on only a few basic factors. First of all, the mechanism should provide one-way or two-way authentication. Two-way authentication, called mutual authentication, means that the network authenticates the user and the user also authenticates the network. This is very important with WLANs, because hackers can