Wireless networks: benefits, risks, and control of wireless security. “You are the air I breathe!” Has anyone out there ever heard this cliché? It is a popular metaphor used poetically when someone wants to demonstrate the importance of another person. Since biologically without oxygen we stop breathing! Just as we no longer live without wireless networks.
Thus, in the context of digital communication, we can choose the Wireless Network as the beloved object, the air that makes the virtual connection breathe.
But, romanticism aside, the wireless network is indeed fundamental to the needs of communication via the Web. It is the solution to connect people, businesses, and companies, through devices at home, in the office, on the street, and wherever the user is!
Increasingly popular, wireless networks enable connections from laptops, desktops, smartphones, and many other devices. It’s the convenience of being able to communicate and work in any environment, without the worry of having to find a power outlet! What you need to find are secure Wi-Fi bands to connect, browse and interact!
Understanding how Wi-Fi bands “play”
A Wi-Fi band is like a street where data travels. And the greater the amount of bands, the better the traffic on the network works!
Each router band is divided into communication channels, which are independent, just like traffic lanes on a street. So an out-of-band channel is like a lane on another street.
Setting the channel selection to automatic causes the router to select the Wi-Fi channel with the best signal performance for data transfer (wider channels). And when the router does not have the automatic feature, the solution is to choose the channel that demonstrates better performance within the network.
But, it will depend on wireless interference in the network environment (interference from other routers and devices connected on the same channel).
And the solution?
Therefore, having several routers is a solution for better functioning in these cases, configuring each one to use a different channel, especially when they are close to each other.
Wider channels offer, along with connection speed, a greater propensity for interference. And therein lies the bottleneck for information security!
The good thing is that setting up a wireless network is very easy and cheap! However, as we know, not everything is rosy. However, the “thorn” of the question is: what can wireless do with network security?
Because, if it is so easy for an employee of the supplier company, for example, to connect to the customer’s network, it means that others can also do the same, thanks to the interference of other routers and devices that can connect to the same channel!
But the good news is that you can set up a wireless network safely! At least as secure as a wired network, after all, vulnerabilities, threats, and risks are phantoms without limits!
Achieving a secure wireless network setup requires careful planning, execution, and testing. Properly configured encryption is also an excellent ally in this critical mission of operating a secure wireless network.
The danger is in the air
For a connection between a wired network and a wireless network to take place, we need wireless access points (WAP).
In practice, WAPs are radios, send and receive network information over the air between wireless devices and wired networks. And anyone within range of a WAP’s radio waves can communicate with it, and try to connect to the network.
Wireless connection opens up a range of network vulnerabilities. These vulnerabilities are powerful targets for black hat hackers (evil hackers!).
And that’s because, with wireless networks, the range of WAPs extends beyond walls and fences that limit the range of wired networks, as wireless signals, transmitted over the air, are not interrupted.
That’s why security needs to be even more efficient! Even because attackers know that it is much easier to spy on a wireless network than on a wired network!
In fact, it’s very simple for anyone within the radio range of the network to capture all the data it sends. So…if that data isn’t encrypted… It’s fair game for an attack!
But it’s a good thing it’s possible to secure a wireless network!
Encryption is the main ally in the war against espionage that terrorizes wireless networks, followed by other techniques that also offer additional security, such as:
- Disabling the SSID beacon;
- Implementation of MAC address filtering.
The power of encryption
Encryption is the best option for protecting the wireless network because it makes it impossible for a stranger to see the information that travels over the network.
Without encryption, all wireless user activity is visible to anyone within the radio range of the network.
Imagine the scene of a cracker (Hacker black hat) sitting in the parking lot of your building, with a cheap antenna connected to a standard laptop, monitoring everything that is happening on your wireless network… Can you imagine? It’s revolting, isn’t it? But, we know it’s totally possible.
That’s why it’s recommended to use strong encryption. And to better understand this level of encryption, we can look back and talk about the beginning of cryptographic history, when it used only WEP (Wired Equivalent Privacy) technology.
I don’t know if you remember or know, but WEP is a very basic encryption that relies on the RC4 encryption algorithm created by Roo Rivest for RSA in the late 1980s.
The bottom line is that since its release, security analysts have discovered significant flaws in WEP that make it insecure.
There is free software available on the Internet to break the encryption on WEP networks, so we can conclude how easy it is. Hackers do it in a matter of seconds!
This is why using WEP on a wireless network is said to be worse than using no encryption at all. Because it ends up giving a false sense of security.
But, thankfully, the technology has evolved and reached the Wi-fi Protected Access (WPA) standard, using strong AES encryption to protect data on networks, without the vulnerabilities of WEP.
WPA, in addition to being efficient, is easy to configure. In the basic form, simply enter a shared secret key in the network configuration of each connected computer.
In more advanced forms, it needs to override the shared secret key, which generates a unique name and password for each user. These passwords can be the same as the user’s normal credentials using a central authentication server such as a Remote Authentication Dial ln User Service (RADlUS) server.
SSID beacon: “Is it eating?” No! is to navigate
You know when you’re at a food court inside a mall, turn on your Wi-Fi and the names of available wireless networks appear? This is possible thanks to SSIDs, which notify all available networks.
SSID (Service Set Identifier), in Portuguese: Service Set Identifier, which is a name for a local area network, a LAN, or a wireless network.
It is a way of conveying the presence of wireless networks to the public by showing the public name of each one. An SSID, therefore, is an identifier for the network’s set of services.
But it is possible to prevent the network from advertising itself to the public; just disable the SSID beacon on the wireless access points. With the SSID beacon disabled, anyone who wants to connect to this network will need to search for it by name.
This feature works well when the network users are regulars, but if there are guests or if the access audience is irregular for any other reason, it is certainly not a well-regarded feature.
MAC Address Filtering
MAC address filters are a possibility that WAPs allow controlling which computers can connect to the network.
With this technology, it is possible to provide a list of acceptable MAC addresses for the WAP.
In this way, there is a way to allow only approved computers to connect to the network. It is also possible to deny access to all other unapproved computers.
But there is a downside to this MAC address filtering technique, which is that it is cumbersome to maintain. That is, for a network with many computers, it is difficult to update the list of acceptable MAC addresses.
That’s why the use of MAC address filtering should be adopted when appropriate, like all other security technologies as well.
The truth is, no network is completely secure, but if we put the right security controls in place, we can make networks more secure!
The secret is never to depend on a single control. Always use layered controls. After all, we know very well that a smart attacker is always able to compromise one or more of the adopted controls.
Therefore, it is best to give the attacker work, offering him various controls as obstacles to make it as difficult as possible to access the data.
With these precautions, it is possible to efficiently protect a wireless network, which is the “oxygen” so necessary for the existence of digital communication.