Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
We further break down Wireless Access Points, look at their encryption types, how they give address so the network. You'll learn the significance of antenna placement, what a "side survey" is, when it's used and why, what a captive portal is, the various types of encryption there are for Wireless Access Points, their differences, and where TCP and IP function. Now we will be discussing security issues related to wireless networking. With wireless networks the most important thing here is our wireless access point. The wireless access point is a device with which we gain access to the network wirelessly, access to the internet or access to the network wirelessly, usually a device we have to set up on the facility to put the signals in the air. The first thing to consider is the antenna placement. Where do we place the antenna? We have to give considerations for physical security. You don't want to put your antenna where somebody could just walk in, grab the antenna and walk away. You want to have physical security for your antenna. You also want to ensure that all users of that antenna have good signal coverage. So you must do what we call a site survey. You carry out a site survey to determine the best position possible such that all your users have very good access and signal strength. Then you have to give consideration to the default parameters that ship with the access point. Parameters like the SSID. The Service Set Identifier. This could be in many cases just the product name itself. You want to change that. You also want to change the default ID and the password with which the router is managed. You want to change all these because if you leave those, somebody scanning the environment to see available networks could simply learn the name of the device and check out online the default parameters for such a device. You want to change your SSID, you want to change the account name, you want to change the password. When you change the SSID, it is also good practice you don't have to give it your name so someone does not know it's for you to specifically target you. Some random names and numbers could be used. Our SSID; that is the Service Set Identifier. A name to identify your service. When you're searching for available networks, best practice is to prevent some other people scanning and determining your SSID. In many cases by default it's enabled. We could disable the broadcast. You could disable the broadcast such that somebody scanning to see available networks do not see your SSID. If you want to increase the spread of your signals or reduce the spread of your signals, then you have to alter your power level controls. The power level controls increase or reduce the spread the signals. So you could increase it to increase the range your signals can travel or you would reduce the power level controls to reduce the spread of the signals. You also could determine that you will need to do access control for your access point. Then we do MAC filtering. The ability to limit access to the access point based on the MAC address. The MAC address is a unique set of numbers for every device that can connect to your wireless access point or a network. You could enable MAC filtering based on the MAC address of the device to prohibit or limit what devices have access to your wireless access point. When users attempt to connect to your wireless access point, they could also have captive portals. This is where an interface could be built through the browser where they must identify themselves, provide their credentials, their usernames and ID and password before they're able to have access to the network. We call this captive portals. Encryption for our wireless access point is also very important. We have several types of encryption. We have WEP, WPA and WPA2. WEP is the weakest form of encryption. It is not advised these days to have WEP. It can easily be cracked. WEP is vulnerable to the IV attack where it keeps the credentials constant so they can easily be cracked. Rather we would prefer to do WPA and WPA depends on TKIP. The temporal key integrity protocol. However some people have been able to compromise that so we move over to WPA2. WPA2 depends on CCMP. Till date, this is the strongest form of encryption we have so if your devices can support either WPA or WPA2, it is better to have these than it is to have WEP. Whatever you do you must ensure you have some form of encryption on your access point. Otherwise your access point could be used to launch attacks on the internet or to upload prohibited material on the internet.