Increasing Security For Wired and

Wireless Networks

DELA CRUZ, LASTINO , LIM , PADRONES

Introduction
Since the start of the digital age ,network security has been one of the important
aspects of system administration .
The purpose of network security is to protect the network and its components from
unauthorized access and misuse.
An unsecured network may suffer from :

Data Loss
Identity Theft
Reduced System Performance
Unreliable Connectivity
Unauthorized Access

Outline
Security Measures For Wired and Wireless Networks

SSID Hiding
MAC ID Filtering
802.11i Security (WPA2 Encryption)
End to End Encryption
Software Tokens
RF Shielding

Best Practices for Home Networks

Best Practices for Commercial/Enterprise Networks

Service Set Identifier (SSID) Hiding

Security : Low
Disables Broadcasting of SSID (Access Point Name)
Simply configured at router
Hidden SSIDs can be discovered by software such as NetStumbler
Applied to Wireless Connections
Connecting to hidden access points is tedious

MAC ID Filtering
Security : Low
Blocks unwanted users from accessing your network
Configured at router

Can be easily bypassed using spoofing

WLAN administrator must configure the list of clients that will be allowed on the network
MAC spoofing is a technique to change a factory-assigned MAC address

Tedious

802.11i Protocol
Security : Low
Has WPA and WPA2 Encryption
Wifi Alliance Wi-Fi Protected Access (WPA)

Key mixing function to generate per packet key

Sequence Number to protect against reply attack
64-bit message integrity check (MIC)
Uses the same RC4 encryption

Robust Security Network (RSN) or WPA2

Counter Mode with Cipher Block Chaining Message

Authentication Code Protocol (CCMP)
AES encryption with counter mode

End to End Encryption

Security : Medium
Encryption done at Application Layer.
Makes use of Application Layer protocols such as SSH and SSL.
Must make use of strong, user-defined passwords.

SSH - Secure Shell . Uses username/password authentication for connection

establishment.
SSL - Secure Socket Layer. Used to connect to secure servers for transfer of sensitive
information.

USB Tokens
Security: High
Physical devices that authenticates users to access to wireless network
Generates encrypted keys that are time synced with authentication server
Expensive
These portable tokens plug into a computers USB port either directly or using a USB
extension cable. When users attempt to login to applications via the desktop,
VPN/WLAN or Web portal, they will be prompted to enter their unique PIN number. If
the entered PIN number matches the PIN within the USB Token, the appropriate
digital credentials are passed to the network and access is granted. PIN numbers
stored on the token are encrypted for added security.

RF Shielding
Security: High
Applying specialized wall paint that attenuates wifi signal.
Ideal for enterprise applications
Prevents intruders from receiving signals from non-controlled areas ( parking lots)

Best Practices For Home Networks

Use wired connections as much as possible

Use MAC Filtering (best for wired)
Turn on Firewall for every device if possible
Use WPA2 Encryption for wireless access points
Update Anti-Virus software and other threat detection software

Best Practices For Commercial/

Enterprise Networks

Use strong Encryption and Authentication

Physically Secure the APs (Access Points)
Physically Secure the network
Keep the network up-to-date
Train Employees about data security
Implement Network Access Control across all workstations