Hi creamyegg-ga,
The following list below summarizes network security methods that are
currently in use in wired and wireless networks today. Since wireless
networking is a relatively young technology, there are some key
security standards that are used across various wireless products.
These will be identified in the individual methods.
Wired Equivalent Privacy (WEP) Encryption - allows for the encryption
of a signal by using a key of a predefined number of bits. The
purpose of this is to prevent unidentified users from accessing
network signals without permission. It must be noted, however, that
there are many flaws in this method. This encryption method only
applies to wireless networks.
More information on WEP is available at this UC Berkeley research page:
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
MAC Address Filtering - "Most access points offer a feature that
defines which clients may connect determined by their MAC address. A
MAC address (media access layer) is a hard-coded identifying address
on a network interface card that is different from an IP address. A
MAC address is usually static and never changes - even when the card is
removed from the computer. With MAC address filtering turned on, a
workstation will not be able to connect unless its MAC address has
been defined on the access point. This security feature is useful in
smaller networks, although keeping a list of updated MAC addresses for
a large network can be too difficult to manage."
MAC Address Filtering can be used on wired or wireless networks.
More information on MAC Address Filtering is available at:
http://www.infopeople.org/howto/security/network/wireless.html
SSID/Network ID - "The SSID is a 7-digit alphanumeric identifier that
is set on the access point. When a client connects to an access point,
it transmits a SSID to associate itself with that network."
SSID can be used in a wireless network environment. To optimize the
security, you can do the following:
Change the default SSID
Set the SSID mode to closed
Set the access to not broadcast/advertise its SSID
For more information on how to protect your network using SSID, go to:
http://www.infopeople.org/howto/security/network/wireless.html
IP Security (IPSec) Protocol - an extension of the IP protocol that
enables data to be encrypted and verified between two computers, even
if the data is being sent over an insecure network such as the
Internet. This can be used in wired and wireless network environments.
A diagram and example of how IPSec functions can be found within the
Windows 2000 resource kit (note that this protocol can be used on
other operating systems):
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/cnet/cndb_ips_omdp.asp
Virtual Private Networking (VPN) - "..the extension of a private
network that encompasses links across shared or public networks like
the Internet. A VPN enables you to send data between two computers
across a shared or public internetwork in a manner that emulates the
properties of a point-to-point private link. The act of configuring
and creating a virtual private network is known as virtual private
networking."
This network security method can be used in wired and wireless
networks. Microsoft has a detailed paper outlining the details of VPN
and the protocols it uses:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/remoteaccess/vpnoverview.asp
Point-to-Point Tunneling Protocol (PPTP) - "a method for sending
network packets over an existing TCP/IP connection (called a tunnel).
A VPN requires that the client and server each have an active Internet
connection. The server typically has a permanent connection to the
Internet. The client connects to the Internet via an ISP and initiates
a PPTP connection to the PPTP server from a Dial-Up Networking (DUN)
entry. The connection request includes access credentials (i.e.,
username, password, and domain) and an authentication protocol. RRAS
adds the ability to provide server-to-server connections over PPTP, as
well as permanent network connections."
http://www.winnetmag.com/Articles/Index.cfm?ArticleID=4877
Detailed information on the PPTP is available from the Microsoft
resource kit:
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_naxe.asp
In summary, there are several network security measures that can be
implemented, though essentially all of them have potential "holes"
that compromise a network's security. A common tactic used by many
network administrators is to implement several of these measures in an
attempt to layer security features and cover up holes.
If you don't understand any of the information above, please feel free
to post a clarification :)
Hope that helps!
answerguru-ga
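
The MAC address filtering described in the answer above, as an added example that is not part of the original answer: an allow-list check that accepts the colon, hyphen and dotted notations and audits a set of association records. The log format, the sample addresses and the function names are constructed for illustration; the extra column reports the locally administered bit, which marks an address assigned in software rather than burned into the card.

```python
import re

# Constructed allow-list, written the way different tools print MAC addresses.
ALLOWED = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001a.2b3c.4d60"]

# Constructed association log lines (hypothetical format, not from a real AP).
SAMPLE_LOG = """\
2003-01-10 09:14:02 assoc client=00:1a:2b:3c:4d:5e ssid=office
2003-01-10 09:15:40 assoc client=00-1A-2B-3C-4D-99 ssid=office
2003-01-10 09:17:11 assoc client=001A.2B3C.4D60 ssid=office
2003-01-10 09:20:35 assoc client=02:00:5e:10:20:30 ssid=office
2003-01-10 09:21:00 assoc client=not-a-mac ssid=office
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC address."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, meaning the address
    was assigned in software rather than burned in by the manufacturer."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(log_text, allowed):
    """Classify each association as 'allow', 'deny' or 'malformed'."""
    # Drop allow-list entries that fail to parse instead of matching on None.
    allow_set = {normalize_mac(m) for m in allowed} - {None}
    results = []
    for line in log_text.splitlines():
        match = re.search(r"client=(\S+)", line)
        if not match:
            continue
        mac = normalize_mac(match.group(1))
        if mac is None:
            results.append((match.group(1), "malformed", False))
        else:
            verdict = "allow" if mac in allow_set else "deny"
            results.append((mac, verdict, is_locally_administered(mac)))
    return results

if __name__ == "__main__":
    for mac, verdict, local in audit(SAMPLE_LOG, ALLOWED):
        print(f"{mac:<14} {verdict:<9} locally_administered={local}")
```
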