...3/20/2014 www.informationweek.com/whitepaper/download/showPDF?articleID=901061&site_id=&profileCreated= The Cable Guy - May 2005 Wi-Fi Protected Access 2 (WPA2) Overview By The Cable Guy The original IEEE 802.11 standard provided the following set of security features to secure wireless LAN communication: Two different authentication methods: Open system and shared key The Wired Equivalent Privacy (WEP) encryption algorithm An Integrity Check Value (ICV), encrypted with WEP, which provided data integrity Over time, these security features proved to be insufficient to protect wireless LAN communication in common scenarios. To address the security issues of the original IEEE 802.11 standard, the following additional technologies are used: The IEEE 802.1X Port-Based Network Access Control standard is an optional method for authenticating 802.11 wireless clients. IEEE 802.1X provides per-user identification and authentication, extended authentication methods, and, depending on the authentication method, encryption key management dynamic, per-station or per-session key management and rekeying. Wi-Fi Protected Access (WPA) is an interim standard adopted by the Wi-Fi Alliance to provide more secure encryption and data integrity while the IEEE 802.11i standard was being ratified. WPA supports authentication through 802.1X (known as WPA Enterprise) or with a preshared key http://www.informationweek.com/whitepaper/download/showPDF?articleID=901061&site_id=&profileCreated= 1/6 ...
Words: 1834 - Pages: 8
...TERM PAPER Wireless LAN Security Enabling and Protecting the Enterprise INSIDE INSIDE ∆ Wireless LAN Technology ∆ ∆ ∆ Benefits of Wireless LANs Security Risks and Technical Challenges Recommendations WIRELESS LAN SECURITY Contents Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Wireless LAN Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Benefits of Wireless LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Simplified Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Extended Reach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Increased Worker Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Reduced Total Cost of Ownership and Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Security Risks and Technical Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 “Leaky” Buildings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Unapproved Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Exposure of Wireless Devices . . . . . . . . . . . . . . . ....
Words: 2559 - Pages: 11
...Wireless security policy for a medium-sized banking organization using the following structure: Wireless Security Policy - A wireless policy for a medium-sized banking organization will needed to deploy a wireless LAN to the network and there will not need an onsite IT. The remote can be manage by a standalone intelligent access point which will integrated the wireless LAN by streamline the configuration and management the system. The Network infrastructure wills us a Cisco system for Layer 2 and 3 switching, routing platforms, and voice over IP (VoIP) along with a security management. The Cisco Integrated Services Router will give all data a robust excellence quality for service, VPN, firewall, network security, and encryption for all medium sized origination with an intrusion detection that will address the business needed. To extend the value of the wireless LAN you can use a Cisco Wireless LAN Controller Module for the environments of a medium size origination. The mobility services that are enables by the robust which will include a guest network voice by the WLAN and location tracking. The Cisco 2800 or 3800 Series Integrated Services Router will give the medium size business faster upgrades with a streamline management and a greater reliability. It’s also have a backbone for infrastructure and deploy is cost effectively along with a secure WLANs management. This will give the medium size origination the greatest wireless system secure for the enterprise. Centralized...
Words: 467 - Pages: 2
...I. Introduction: Wireless Local Area Network (WLAN) is the linking of two or more computers without using wires. WLAN makes use of the spread spectrum technology based on radio waves to enable communication between two devices in a limited area. Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are one of today's fastest growing technologies in businesses, schools, and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. These networks can be up and running quickly when there is no available wired Ethernet infrastructure. They are reported to reduce setting up costs by 15%. But, with these benefits come the security concerns. WLANs have very little security. An attacker can listen to you, take control of your laptops/desktops and forge him to be you. He can cancel your orders, make changes into your databases, or empty your credit cards. a. The 802.11 Wireless LAN Standard: In 1997, the IEEE ratified the 802.11 Wireless LAN standards, establishing a global standard for implementing and deploying Wireless LANS. The throughput for 802.11 is 2Mbps, which was well below the IEEE 802.3 Ethernet counterpart Late in 1999, the IEEE ratified the 802.11b standard extension, which raised the throughput to 11 Mbps, making this extension more comparable to the wired equivalent. The 802.11b also supports...
Words: 2926 - Pages: 12
...Solution | Healthcare Network Allied Telesis Healthcare Network Construction Guidebook Contents Healthcare Network Solution | Introduction Outline of a Healthcare Network Importance of the network Main requirements in designing a healthcare network Non-stop Network Network bandwidth and QoS (Quality of Service) Data capacity Network bandwidth and cost of LAN devices QoS (Quality of Service) Redundancy and proactive measures to overcome network failures Core switch redundancy Comparison of redundancy of communication Loop protection Secure and Reliable Network Security Importance of security: both physical and human factors Threats to network security Network authentication External network (Internet) connection Inter-regional cooperative healthcare network Effective use of Wireless LAN Security in Wireless LAN Install and operation of Wireless LAN Ease of Operation Critical issues for network operation SNMP (Simple Network Management Protocol) Measures against system failures; device failures, incorrect wiring Use of SNMP IPv6 Network Configuration Example Network configuration for hospitals with fewer than 100 beds Network configuration for hospitals with more than 100 and fewer than 200 beds Network configuration for hospitals with more than 200 beds (i) Network configuration for hospitals with more than 200 beds (ii) 3 4 4 5 7 7 7 8 9 10 10 11 12 13 13 13 14 15 19 20 21 21 22 23 23 24 24 25 26 27 28 30 32 34 2 | Healthcare Network Solution Healthcare Network...
Words: 8999 - Pages: 36
...Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the past thirteen years, and still new articles appear saying similar warnings, with only the solutions evolving with the technology. Suggested solutions will include security literacy regarding APs and their devices and their compliance; security audits to re-evaluate configurations of current...
Words: 18577 - Pages: 75
...An ISS Technical White Paper Wireless LAN Security 802.11b and Corporate Networks 6303 Barfield Road · Atlanta, GA 30328 Tel: 404.236.2600 · Fax: 404.236.2626 WWireWireless Lan Security 802.11b Wireless LAN Security Introduction Although a variety of wireless network technologies have or will soon reach the general business market, wireless LANs based on the 802.11 standard are the most likely candidate to become widely prevalent in corporate environments. Current 802.11b products operate at 2.4GHz, and deliver up to 11Mbps of bandwidth – comparable to a standard Ethernet wired LAN in performance. An upcoming version called 802.11a moves to a higher frequency range, and promises significantly faster speeds. It is expected to have security concerns similar to 802.11b. This low cost, combined with strong performance and ease of deployment, mean that many departments and individuals already use 802.11b, at home or at work – even if IT staff and security management administrators do not yet recognize wireless LANs as an approved technology. This paper addresses the security concerns raised by both current and upcoming 802.11 network technologies. Wireless LAN Business Drivers Without doubt, wireless LANs have a high gee-whiz factor. They provide always-on network connectivity, but don’t require a network cable. Office workers can roam from meeting to meeting throughout a building, constantly connected to the same network resources enjoyed by wired...
Words: 3757 - Pages: 16
...with a LAN. The multitude of packets floating around going from one or more access points to a variety of electronic devices can be a tempting arena for those wanting to gain illicit access. There are several ways to increase the security level of a WLAN. The most basic of these would be a router with an integrated firewall. This is almost exclusively found in residential settings. Keeping to the same architecture, firewalls can be quite complex in their modus operandi. Where basic firewalls work on the first three or four layers of the OSI model, the more complex firewalls operate on all seven levels of the OSI model. Often times accompanying these higher end firewalls, there is what is known as a bastion. A bastion is located on the public side of the firewall and acts as bait for would be attackers. The thought behind a bastion is to get the would-be attackers to go there, thinking they have accessed the protected network. Bastions are completely unguarded to make this process easier. Another method of making a WLAN secure is to encrypt data that is on the network. If this is done, the users will authenticated, which will yet again further strengthen the WLAN. For this it is recommended to utilize either WPA or WPA 2 wireless encryption. In conjunction to the encryption, use VLAN or MAC address control lists, to further increase the level of difficulty for the hackers. If the security needs of an organization are such that they require these measures in their security plan,...
Words: 504 - Pages: 3
...Associate Program Material Appendix J Wireless Network Plan Use the following outline to create your wireless network plan. Fill in each section of the plan as required. Deployment Scenario Infrastructure Deployment Scenario Rationale An infrastructure wireless network provides a more reliable network connection for wireless clients. If we strategically placed the stationary base we can maximum reception. Infrastructure mode networks offer the advantage of scalability, centralized security management and improved reach. Hardware Components • Component Name: Access point o Rationale for using component: Receive and transmit signal that can be picked up by any node that has the ability to receive wireless signals through a wireless network interface card. o Rough cost estimate: $100 • Component Name: Switches o Rationale for using component: Give the ability to expansion of a WLAN o Rough cost estimate: $250 • Component Name: Cables o Rationale for using component: The access point is connect to wired network with cables to give wireless access o Rough cost estimate:$10 IEEE Wireless Network Type Apex Designs has identified that an 802.11n LAN will be implemented. Access Point Management Apex Designs has decided that thin access points will be used to simplify the management of the wireless LAN. These access points allow the wireless network to be managed from one central location rather than to...
Words: 503 - Pages: 3
...that allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards".[1] However, since most modern WLANs are based on these standards, the term "Wi-Fi" is used in general English as a synonym for "WLAN". A device that can use Wi-Fi (such as a personal computer, video game console, smartphone, tablet, or digital audio player) can connect to a network resource such as the Internet via a wireless network access point. Such an access point (or hotspot) has a range of about 20 meters (65 feet) indoors and a greater range outdoors. Hotspot coverage can comprise an area as small as a single room with walls that block radio waves or as large as many square miles — this is achieved by using multiple overlapping access points. "Wi-Fi" is a trademark of the Wi-Fi Alliance and the brand name for products using the IEEE 802.11 family of standards. Only Wi-Fi products that complete Wi-Fi Alliance interoperability certification testing successfully may use the "Wi-Fi CERTIFIED" designation and trademark. Wi-Fi has had a checkered security history. Its earliest encryption system, WEP, proved easy to break. Much higher quality protocols, WPA and WPA2, were added later. However, an optional feature added in 2007, called Wi-Fi Protected...
Words: 2476 - Pages: 10
...advantages of wireless networking. 1. User mobility in the workplace. 2. A cost-effective networking media for use in areas that is difficult or too costly to wire. 2. What are the three areas defined for the IEEE 802.11 standard? 1. Physical Layer (PHY) The method of transmitting the data, which may be either RF or infrared (although infrared is rarely used.) 2. Medium Access Control (MAC) I. The reliability of the data service. II. Access control to the shared wireless medium. III. Protecting the privacy of the transmitted data. 3. MAC management protocols and services I. Authentication, association, data delivery, and privacy. 3. What is an ad hoc network? 1. In this network, the wireless clients (stations) communicate directly with each other. This means the clients have recognized the other stations in the WLAN and have established a wireless data link. 2. The fundamental topology of the WLAN is the Basic Service Set (BSS). This is also called the independent Basic Service Set, or ad hoc network. 4. What is the purpose of an Extended Service Set? 1. By adding multiple access points to the network, the range of mobility of a wireless client in the LAN is extended. 2. Definition - The use of multiple access points to extend user mobility Hand-off. 5. What are the four physical layer technologies being used in 802.11 wireless networking...
Words: 1687 - Pages: 7
...A wireless local area network (WLAN) is a wireless machine organize that connections two or more gadgets utilizing a wireless dispersion system (regularly spread-range or OFDM radio) inside a constrained region, for example, a home, school, machine research centre, or office building. This gives clients the capacity to move around inside a nearby scope zone & still be joined with the system, & can give an association with the more extensive Internet. Most present day WLAN’s are focused around IEEE 802.11 norms, showcased under the Wi-Fi brand name. Advantages of WLAN:- * Client versatility * Voice & information administrations * Versatile structural engineering * Accessibility of all Hipath Voip system administrations * Access to focal applications * Handover between access focuses * Vigorous model for industry * Temperate access focuses * Fitting and-Play construction modelling * Hearty controller * Security on the level of altered systems * "Little Enterprise" alternative with own controller * "Extension Office" alternative for little extensions where wireless controller is utilized. Issue’s & Solution:- There has been a genuine issue with security issues since the initiation of Wireless LAN, we studied the current wireless local area network confront a portion of the real security issues, & portrays the relating arrangements. As of late, with the ubiquity of an assortment of wireless gadgets &...
Words: 590 - Pages: 3
...Topic 1 a) Discuss any 3 key skills and characteristic should an information system manager posses. b) Today’s Point of Sales – Electronic Fund Transfer (POS-EFT) system requires several components to function. List and discuss the function for these components. a) An Information System (IS) manager has two principle roles within an organization. He has to be able to manage the change processes that are inevitably initiated by the introduction of technology into his workplace, and he has to manage the operational aspects of business and organizational activities founded on computing and communication technology. Hence an IS manager is a leading figure in both organizational change and performance. From this definition, it is a natural deduction that for IS manager to work effectively, they must have or need to be: * Detailed knowledge of the organization’s mission and vision, its peculiar business strategies and implementation skills. With these understanding, the IS manager will then be able to design an information system which can help the organization to achieve its goal. * Skilled in inter-personal management. This consists of communication skills both written and oral, people oriented and also negotiation skill. Regardless of how an organization structures its information system department, system development is a team effort. So learning how to work and communicate effectively with other team members is important for any information system professionals...
Words: 1563 - Pages: 7
...Classify Data for Access Control Requirements Lab Assessment Questions & Answers 1. What is the Data Classification Method used in the Military and Government Agencies that line up with the corporate data classification method defined earlier in this lab? Explain. Secret- This is the second-highest classification. Information is classified Secret when its release would cause "serious damage" to national security. Most information that is classified is held at the secret sensitivity. 2. Describe one way to help prevent unauthorized users from logging onto another person’s user account and accessing his/her data? By authorization, a person have to identify his/herself, the access control system verifies the person’s identity, the access control system must determine whether the person is authorized with a username and passwords 3. What permissions are necessary to allow an Active Directory Group called AD_Group to read and write files in a Sensitive directory such as C:\ERPdocuments\HRfiles? Read-Write permissions (Author) 4. How would you apply the permissions (ACLs) stated above (M,RX) to the AD_Group on C:\ERPdocuments\HRfiles from the command prompt using built-in Windows tools? You can use the extended change access control List tool (Xcals.exe) to modify and view NTFS permissions for files or folders 5. When adding permissions to a directory in an Active Directory Domain, would you prefer to add Groups or individual...
Words: 1377 - Pages: 6
...Network technology has come forward as an important component of IT infrastructure. Within the healthcare industry, the value of an efficient and stable network is immeasurable. The challenge in most industries, especially healthcare, is address security concerns and the rights of the patience. Patton-Fuller Community Hospital, located in the City of Kelsey, is a fully function hospital servicing the local area since 1975. Recently, The Chief Executive Officer (CEO) of Patton-Fuller Community Hospital expressed the desire to design an upgrade to the current network architecture. This design will include upgrades to hardware components and software components. This proposal will discuss and summarize the current network structure, propose an upgrade design to meet future challenges while addressing network security and compliance; more specifically, the transfer and confidentiality of patient records information. Patton Fuller Community Hospital – Current Network The current networking architecture of the Patton-Fuller Community Hospital can be broken down into two major sections. Today the two major backbones of the network include a 1000 Base T using CAT6 cable which provides network access to many administrative and operational areas of the facility. Executive management, Human Resources, Operations, Facilities, Finance, as well as the IT data center are all connected directly to this side of the network backbone. The hospital side is connected via 1000 Base F which...
Words: 1760 - Pages: 8