
The commanding officer is having second thoughts on using the wireless network t


Question

The commanding officer is having second thoughts on using the wireless network that was first considered. He is concerned about the security of a wireless network. Prepare a slide presentation on wireless networking and what can be done to secure a wireless network.

Include the following:

You are not limited to shelf products.

Consider proprietary solutions and remote access solutions.

When researching third-party solutions, do not just rely on the vendor’s claims for their products.

Include substantial research material in the speaker notes.

Explanation / Answer

I am providing you brief details. Please prepare as per your requirements.

Wireless is a more modern alternative to traditional wired networking that relies on cables to connect networkable devices together. Wireless technologies are widely used in both home and business computer networks.

Types of Wireless Network Technologies

A variety of technologies have been developed to support wireless networking in different usages including:


Advantages of Wireless over Wired Networking

A wireless computer network offers several distinct advantages compared to a wired network but is not without downsides. Advantages of wireless technology include mobility (portability and freedom of movement) and elimination of unsightly cables. Disadvantages of wireless include additional security concerns, plus the potential for radio interference (due to weather, other wireless devices, or obstructions like walls).

The basics

When accessing a wireless connection, you’re typically picking up an Internet connection sent wirelessly from a router or similar device. If unsecured, any computer within range can gain access to this network.

Most routers can be accessed by entering “192.168.1.1” in your browser’s address bar and typing in a username and password. The defaults do vary from router to router. Check the instructional manual included with your router for the default IP address, username, and password. If unavailable, try looking up the router’s defaults at routerpasswords.com, or cirt.net. Most security options can only be accessed through the router’s administrative console and settings.

Enable encryption

Encryption is one of your first lines of defense when it comes to securing a wireless network. It encodes the data sent wirelessly between your device and the router, essentially scrambling the information and restricting open access. There are two main types of encryption you can use:

Wired Equivalent Privacy (WEP): Introduced in the late ’90s, WPA was one of the first security algorithms available to help ensure a protected network. Although it may still be an option for older routers and equipment, it has demonstrated numerous flaws over the years, essentially leading to its demise as far as Internet security is concerned. It’s better than nothing, but it’s outdated and fairly easy to crack.

Wi-Fi Protected Access (WPA & WPA2): Developed as a successor to WEP, WPA and WPA2 are two of the more common advanced security protocols currently used to protect wireless networks. The encryption keys they use change each time a device accesses the network, making it more difficult to hack than WEP. WPA2 is the encryption of choice.

Keep in mind that your device, router, and any other equipment being used must utilize the same encryption to work properly. Your network is only as secure as the least-secure device that’s connected to it. If you have an older router, we suggest replacing it with one that features WPA2 capability. If you’re serious about securing your wireless network, check out our wireless router buying guide for some helpful tips.

Wireless routers are often not set up with the encryption feature enabled and you’ll need to turn it on before choosing your security options. Most manufacturers will include instructions on how to enable security, while others will go a step further and provide a setup wizard that will include security options when you first access the router. If they don’t, check the company’s website for more information.

Choose WPA2 if possible and create a strong password to help ensure limited access. Try a combination of letters and numbers that only you would know. Also, the longer the password, the tougher it will be to crack. Strive for 10 characters or more. Check out our guide to picking strong passwords for more info.

Change the router defaults

Make sure to change your router’s factory presets (i.e. your admin login and password) to something more secure to prevent any unauthorized users from accessing and changing your router settings. You may also want to change the Service Set Identifier (SSID) name while you’re at it. Most router manufacturers will simply name the SSID after the manufacturer, such as “Linksys,” but it’s a good idea to change the name so others don’t assume you’re using the router’s default username and password as well.

Turn off SSID broadcasting

The SSID functions as a broadcast message that notifies your presence to any and every device within range of your network. All wireless routers have an option to turn off this broadcast, which hides your network from people who may want to access it. It won’t encrypt your data, but no one will try to access a network they don’t know you have. However, this option is not for everyone as some devices have problems connecting to wireless networks if they don’t broadcast the SSID.

Allow access based on MAC addresses

Every network-enabled device – from desktops to tablets – is equipped with a unique, identifying number called a Machine Access Code (MAC). Most common wireless routers will have an option to filter access solely based on the MAC address, allowing wireless access only to devices you have preapproved and prohibiting all others. Simply add the MAC addresses into your router’s administrative settings to enable the filtering option.

The process for locating the MAC address for a particular device depends on which device you intend to use.

When using Windows, open a command prompt, type cmd, and press the “Enter” key. Then type ipconfig /all and hit “Enter” once again to view a detailed list of your computer’s IP settings. The MAC address will be listed as the “Physical Address,” or the six pairs of alphanumeric characters set apart by dashes.

When using Mac OS X, open the system preferences panel, click the “Network” option, and select “WiFi” from the list in the left-hand column. From there, click the “Advanced” option to see the Mac Address (it will be listed under “Wi-Fi ID”).

Other devices, such as a smartphone or tablet, will take a little more detective work, but you can always refer to the owner’s manual if you are having trouble finding where the information is listed. It is possible to clone a MAC address to fool the router, so limiting access based on MAC addresses should be used along with other security precautions.

Limit DHCP

Dynamic Host Configuration Protocol (DHCP) allows you to limit the number of IP addresses your router can assign on your wireless network, thus limiting the number of devices that can connect. This can be done by accessing your router’s administrative setting and updating the number of devices you want to connect (both wired and wireless). A decent hacker could bypass the security measure, but it will most likely keep the everyday user at bay.

Reduce wireless signal range

It often proves more difficult to access a wireless network that’s not in range. Your router might have fantastic signal strength, but what if you live in an apartment building where other tenants are living just on the other side of the wall? Try limiting your router’s signal range to only a specified area through one or multiple options. It may take a bit of trial and error, depending on the method.

Some routers will give you an option to decrease the transmitting power in the administrative settings. If possible, change the mode of the router to 802.11g instead of higher signal strengths such as 802.11n or 802.11b, or use a separate wireless channel altogether.

More old-school approaches to limiting your wireless signal include placing the router in certain areas of your house, away from windows, under a bed, or in a cupboard. You can also try wrapping foil around the router antennas to better direct the wireless signal, but this can also slow your connection or even boost your signal strength depending on how you do it.

Disable remote administration privileges

Disabling remote administration privileges is a great way to close the door on anyone looking to access your security settings. The option should be located in your router’s administrative settings and requires all security modifications to be changed directly through a wired connection to your router.

Remote Access Solutions

Remote access

Remote access is defined as the ability of a user to log onto a network from a distant location. This is accomplished with a remote computer connected to the distant network. Whereas remote control refers to taking control of another computer, remote access means that the remote computer becomes a work station on the network. Communication between the network facility equipment and the remote computer is accomplished through a data link. The only difference between a remote user and workstations connected directly to the network is slower data transfer speeds. Remote Access is also useful when you want to connect local office computers with corporate networks. This allows the business to share resources as if all computers are connected to the same LAN. Two common methods of providing this type of remote access are dial-up and Virtual Private Network (VPN).

Dial-up remote access is when a client uses the telecommunications infrastructure to create a physical connection with a remote access server, which is attached to a Local Area Network (LAN). The physical or logical connection between the remote access server and the remote access client is made possible through dial-up equipment. Dial-up remote access is considered a private communication portal. The nature of the dial-up equipment and WAN infrastructure varies, depending on the type of connection. There are several telecommunications technologies that can make up the WAN infrastructure used in dial-up remote access. These technologies include Plain Old Telephone Service (POTS), T-carriers, Integrated Services Digital Network (ISDN), Asynchronous Transfer Mode (ATM), and Digital Subscriber Line (DSL). The remote access software dials in directly to the network server. Dial-up access is still prevalent in many companies.

A virtual private network (VPN) is a communications network linked through another network. A VPN connection has a topology more complex than point-to-point. A VPN connection is an Internet connection that is made secure for the use of transmitting data across a WAN. The distinguishing characteristic of VPN is that they overlay other networks to provide connectivity that is useful to a user community. With virtual private network remote access, a VPN client uses an IP internetwork to create a virtual point-to-point connection with a remote access server acting as the VPN server. One common application for a VPN is secure communications through a public network. VPN access has increased in recent years because connection costs between remote workforces and global enterprise locations continue to increase. Companies have begun taking advantage of the Internet as a remote access infrastructure by implementing VPNs.

Remote Access Solution - IP-based VPN

An IP-based VPN has been selected for this network. When choosing between dial-up and VPN for a remote access solution the following factors were considered:
• Cost
• Security
• Performance
VPNs are an increasingly popular option for interconnecting corporate locations over the Internet, including branch offices and telecommuters. Although Frame Relay and ATM continue to be used for VPNs, IP is the most popular type of VPN. A VPN is made possible via access to the Internet, but it is more than an Internet connection. A T1 connection to the Internet can be made into a VPN; however, the T1 alone is not a VPN.

Cost

When considering VPN versus other Wide Area Network designs the topic of cost is usually at the forefront. One of the best arguments for VPN is that you get more for less. VPN solutions can cost as much as 50% less than comparable T1 Frame Relay or Private Line services, while providing the same throughput and reliability. Because VPN, like most other Wide Area Network services, can be delivered on a T1 it provides many of the same advantages. T1 lines can be provisioned to provide both voice and data service, reducing the overall cost for the T1 line. Many carriers offer a managed VPN or network VPN solution. In this scenario, the tunneling and encryption is handled at the edge of the carrier's network, this reduces the company’s exposure to significant equipment or software costs. This includes customer premise equipment, software updates, equipment service and support, and management of the network.

Security

Security on networks is required due to increased remote access and also an increase in the type of hardware used to access the network. Companies that are concerned about their private information being accessed through the network connection are implementing VPNs. VPNs have gained favor as a security solution because they are standards based and relatively inexpensive. A major security issue is that network connection ports can be exploited by various threats, including viruses, hackers and spyware. On a VPN, before any function can be performed by an outside user, he/she must first connect via a VPN client. After proper authentication, they can connect to other network functions. This provides a secure network connection. VPNs need to be designed and operated with well-thought-out security policies. Organizations using them must have clear security rules supported by management.

Performance

A VPN can be deployed using a number of connection speeds including: Dialup, DS0, T1 and T3. T1 is the most common speed for VPN, and is the carrier speed selected for this network. Dedicated voice service or non-VPN Internet access can be added to the T1 line. This is done using a fractional T1. Selected segments of the VPN can be securely opened to business partners, suppliers and clients. Companies can leverage their VPNs by running voice over the virtual circuits between their locations. IT specialists only need to plan and configure the authentication and connection.

Network Protocols

Two popular VPN protocols were considered: Internet Protocol Security (IPsec) and Secure Socket Layer (SSL). IPsec is the most common protocol for secure VPNs. IPsec protocols operate at the network layer, or layer three of the OSI model. SSL protocols operate from the transport layer up, OSI layers four through seven. This makes IPsec more flexible because it can be used for protecting layer 4 protocols, including both TCP and UDP, the most commonly used transport layer protocols. IPsec has an important advantage over SSL. Application level programs do not need to be designed to use IPsec. The ability to use SSL or other higher-layer protocols must be incorporated into the design of the application. The limitation of IPsec, however, is that it can only carry IP packets.

SSL VPNs are designed to address the needs of diverse users that need secure access to administrator-specified corporate resources. These resources are accessed from a wide variety of devices from many locations. The network administrator can change both the access methods and the resources allowed as the users’ circumstances change. The users can include mobile employees, contractors, offshore employees, business partners, and customers. As a result, SSL VPNs offer users the convenience of being able to access corporate resources using any Web-enabled device from anywhere. Disadvantages to SSL VPN include additional hardware and training costs and they require extensive administrator authorization and authentication.

IPsec VPNs were created to meet the challenge of how to securely provide employees around the world with “always on” connectivity that will enable them to access the corporate resources they need to achieve optimal productivity. This protocol is effective in achieving high performance, redundant, site-to-site connectivity. This technology allows users in geographically distributed locations to operate corporate resources as if they were logging in at the corporate headquarters. This seamless operation simulates actual presence on the LAN. IPsec VPNs are offered by technology vendors such as Cisco, Check Point, Microsoft, Juniper Networks, SonicWall, Symantec, and WatchGuard.

Office Applications

Business applications that are supported by this remote access solution include sales, inventory, communication, internet, database access, finance, and human resources. This solution also supports Voice Over IP, client/server applications, and e-mail.

Location of Servers

In this scenario, the tunneling and encryption is handled at the edge of the carrier's network. This is a managed VPN which will limit equipment costs. Each office location will have a VPN capable router connected to the T1 connection. Various workstations will also be connected to the LAN at each office.
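
The wireless hardening steps listed earlier in this answer (WPA2, a passphrase of 10 characters or more, a non-default SSID, SSID broadcast off, MAC filtering) can be checked mechanically against an access point's configuration. The following is an added example, not part of the original answer; it assumes the access point runs hostapd, and the two sample configurations, the `DEFAULT_SSIDS` list and the finding names are constructed for illustration.

```python
# Constructed sample hostapd.conf files (illustrative, not from the original page).
WEAK_CONF = """\
interface=wlan0
ssid=Linksys
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=summer12
ignore_broadcast_ssid=0
macaddr_acl=0
"""

HARDENED_CONF = """\
interface=wlan0
ssid=ops-net-7
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-42
ignore_broadcast_ssid=1
macaddr_acl=1
"""

# Assumed short list of factory SSIDs; extend it for your own equipment.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return finding names for settings that miss the checklist above."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if wpa == 0:
        findings.append("no-wpa")  # open network or WEP only
    elif not wpa & 2:
        findings.append("wpa2-disabled")
    if len(conf.get("wpa_passphrase", "")) < 10:  # page's 10-character floor
        findings.append("short-passphrase")
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid-broadcast-on")
    if conf.get("macaddr_acl", "0") != "1":  # 1 = deny unless on accept list
        findings.append("no-mac-allowlist")
    return findings
```

`audit(WEAK_CONF)` reports all five checklist gaps, while `audit(HARDENED_CONF)` returns an empty list.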