Attackers gain access to a network by being within range of an unprotected wireless network. When installing wireless services, you should apply wireless security techniques immediately in order to prevent unwanted access to the network.
Use a wireless encryption system to encode data and thereby prevent unwanted capture and use of the data. Both ends of every link must use the same encryption standard.
The levels of security include:
• Wired Equivalent Privacy (WEP) was the first-generation security standard for wireless. Attackers quickly discovered that WEP encryption was easy to break. The encryption keys used to encode the messages could be detected by monitoring programs.
• Wi-Fi Protected Access (WPA) was created as a temporary solution until the 802.11i (a security layer for wireless systems) was fully implemented. Now that 802.11i has been ratified, WPA2 has been released. It covers the entire 802.11i standard.
• Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco, is a wireless security protocol created by Cisco to address the weaknesses in WEP and WPA. LEAP is a good choice when using Cisco equipment in conjunction with operating systems such as Windows and Linux.
• Wireless Transport Layer Security (WTLS) is a security layer used in mobile devices that employ the Wireless Applications Protocol (WAP). Mobile devices do not have a great deal of spare bandwidth to devote to security protocols. WTLS was designed to provide security for WAP devices in a bandwidth-efficient manner.
Teaching Strategy: Wireless is very convenient but when you send messages over the air you make it easier for an attacker to join your network or monitor your incoming and outgoing traffic. A computer technician must know how to configure wireless NICs and access points using the appropriate level of security. The default settings on an access point are designed for fast connectivity and are not secure. Some of the changes to be made to the default settings of the access point might include; disable DHCP and use static IP addresses, change SSID from default, disable SSID broadcast, change default username and password, update firmware, and enable a firewall