Designing And Implementing A Secure Enterprise Wireless Network – Ethical Implications

Ethical Implications in the Design and Implementation of a Secure Enterprise Wireless Network

A wireless network is a computer network that uses wireless data connections between the nodes of the network [1]. Wireless security is simply the method by which unauthorized access to the wireless network is prevented.


Designing and implementing a secure wireless network has many benefits for the network's users as far as security is concerned.

The most important benefit of this type of network is that only authorized users are allowed to access the system. System authentication and authorization are the two main techniques used to secure the network ethically.

Access authentication is where the network is given an SSID and a unique password. When a user attempts to connect, the network requests the SSID and password; the details entered are transmitted for authentication, and if they match, the user is allowed to access the network. The information of all users of the system is guaranteed security, since nobody can access the network of another user.

However, securing the network may prevent the network administrator from monitoring the types of files or information being shared through the network. This might lead to prohibited information, videos and unauthorized files being shared in the system.


Implementing a secure enterprise wireless network also prevents guests and visitors from accessing the network directly unless they get the access credentials. This restriction may cause problems, especially when running an organization that depends on guests and visitors.

The very first security measure put into action was Wired Equivalent Privacy (WEP), which, due to its weaknesses, was later replaced by IEEE 802.1X port-based authentication, WPA and the IEEE 802.11i protocols [3].

WEP was a security standard specified by IEEE 802.11 to provide wireless networks with a high level of security, equivalent to that of a wired network. According to [3], the main goals of WEP were:

  1. Confidentiality, which prevents other users from eavesdropping; this used an encryption scheme based on RC4.
  2. Access control, which prevents users from accessing the whole network infrastructure; this was done by making users use a shared WEP key.
  3. Data integrity, to prevent the wrong users from tampering with the messages that are transmitted.

The WEP wireless network security mechanism was later called into doubt once its flaws were examined, and the following were its weaknesses:

The authentication mechanism in WEP is a very simple shared-key technique. The shared key is a WEP key shared among the users of the wireless network. Since all users have one key, and no user can be authenticated with a unique key, any person with the WEP key will access the network by default.

Analysis of the Secured Network

The WEP key also does not keep the user's information confidential, because all users use the same key to access the network. Attackers can therefore easily break the key and manipulate data on the network.

Though WEP is one of the mechanisms that was used to secure the network, it can be seen that the network can still be challenged, attacked and broken into.

Generally, securing networks meant for enterprise purposes might help a lot in protecting the organization's information and data from hackers who might get into the system and interfere with its normal operation or manipulate the organization's data.

Authorization is defined as the process of giving someone authority or permission to access something, according to [5]. In networking it is a security mechanism that is preceded by authentication and allows only users who have been given permission to access the network. The most common types of this kind of security are WPA2 and the use of a RADIUS server.

WPA2 is the current wireless security mechanism on many devices. It uses encryption: a device encrypts data using a 256-bit key, according to [6]. The longer the key, the more security it offers to the network. Wireless networks are prone to many security threats, especially those found in enterprises, so it is important for enterprises to implement security measures that allow only authorized users to access their wireless networks. The mechanisms that may be implemented include a wireless intrusion prevention system (WIPS) or a wireless intrusion detection system. This is a system that detects any intruder who tries to access the network without the administrator's permission and blocks them from accessing the network.

RADIUS is the Remote Authentication Dial-In User Service protocol, which enables centralized authentication and management of users connected to a network, according to [6]. It runs at the application layer, hence it accesses the transport control protocol. Normally the user types in a username and password, and the system compares the credentials with the ones saved in the system. If they are equal, the user's request to connect to the network is accepted; if they are not equal, the request is rejected.

Authentication is the process of identifying user credentials and proving them to be true [7]. If the user credentials prove to be true when compared with the ones in the database, access to the network is accepted. If they prove to be false, the user's access to the network connection is denied. The authentication process takes place under two wireless network types, WPA2 and RADIUS server.

Authorization

WPA2 is the encryption of data to protect it from unauthorized users and prevent them from accessing a network connection. When a network is encrypted, only authorized users can have access to it. It uses a 256-bit key to encrypt a network to protect it from unauthorized access.

RADIUS is the Remote Authentication Dial-In User Service protocol, which enables authorization and manages users connected to a network [9]. It runs at the application layer, hence it accesses the transport control protocol and user datagram protocol. Normally the user types in a username and password, and the system compares the credentials with the ones saved in the system. If they are equal, the user's request to connect to the network is accepted; if they are not equal, the request is rejected.

Integrity is the policy that guides the network security measures within a given organization. It makes sure that there is no modification of any message within a network: a message sent through the network is not modified in any way before it is received by the recipient. This can only be accomplished through the use of WPA2 and a RADIUS server.

WPA2 defines how data is encrypted in a network. This means only the sender and receiver have access to a message in the network. Any third person who wants to access data from two clients communicating in the network will be unable to, since all network data is encrypted and he or she has no key to decrypt it.

RADIUS is a protocol for authenticating users in a network, widely used in wireless network security. It holds the user security credentials and authenticates them before connecting to a network. WPA2 enables network integrity since it has a framework for authenticating the users who want to join the wireless network, while the RADIUS server only allows users whose credentials are correct to access the network. If they are not correct, the network access protocol returns a reject message to the client who wants to join the available network. If the credentials are correct, an accept message is returned to the user, which gives the client permission to join the network.

Eavesdropping is the practice of listening to communication between two hosts without their knowledge [12]. This can be prevented through encryption. Encryption is a method of encoding plaintext into ciphertext so that its meaning is not obvious; this prevents the intruder from reading the content of the message.

WPA2

Segmentation is the division of a network into several parts called segments. This helps in preventing eavesdropping.

This is the prevention of eavesdroppers from accessing a network through the setting of passwords. This ensures that all users connected to a network are trusted.

This involves the tools that were used in creating the network. In this case, Cisco Packet Tracer was used to design and implement the wireless network. The wireless enterprise network modelled is attached ready for demonstration.

During the implementation of the network, the following tools were used to simulate the network virtually, according to [13].

Wireless network access point, which is a networking tool that propagates a wireless network from a wired network, making it possible for computers to access the network wirelessly. This is the device where the settings of the wireless network are installed. The specific name of the wireless network is set here; in this setup the SSID of the wireless network is wireless_name. The network is also protected with a WPA2 security password so that unauthorized users cannot have access to it. The ports of the network are also turned on so that they can be accessed by the users. When guests want to connect to the wireless network, they are given the password credentials and connect to the network.

Computers, which in this case were used as wireless network access devices. They are provided with specific IP addresses and subnets so that they can communicate with each other on the network. The three devices are connected to the 255.225.255.0 subnet, in which they communicate with each other.

Networking switch, which connects networking devices together on a computer network. The switch was used to connect the access point and the server, transmitting data packets to the access point from the server.

Fast Ethernet cables, which are used to connect the server to the switch and the switch to the access point. They enable communication between the two devices.

Server, which is the data store for a network center. It is where all the settings of the network are stored. Anything that the clients have to access in the network is stored on the server. This means that it serves information to the clients, which are the computers or devices connected to the network. The server has a specific local address which enables clients to access it. In this network implementation the server uses the local address 192.268.100.100.

Radius Server

Network topology: a topology is how different devices are arranged in a network. The star topology was implemented in this network. The computers are connected to a central device called the access point. They are connected point to point to the device, which is then connected to the switch.

Before this type of security is implemented in a network, a database is set up. The database can be set up on its own machine or on the same machine as the RADIUS server. This depends on the amount of space that is needed for the database. The MySQL database was chosen because it is fast, readily available and runs on any platform that is available. The RADIUS server is the heart of the enterprise network since it differentiates between the enterprise application and a personal network. When all the servers are running and the encrypted key is generated, the switch or router can be connected to the server with specific settings. The router or switch is configured for WPA2 Enterprise with AES encryption and provided with the information needed to connect to the RADIUS server.

This type of security implements RFC 2865 for both authentication and authorization, which are UDP protocols. During RADIUS authentication the client connects to a network access server and provides the credentials. The network access server then uses the credentials to provide access to the server. When the authentication is complete, the RADIUS server passes an accept message or a reject message to the client. The network access server can always inform the clients about the MAC address of the client computer. Communication between the network access server and the RADIUS server is protected using the RADIUS secret password. The RADIUS protocols include PAP and CHAP; they are used to authenticate network clients to servers and network devices [18], [19], [20]. Implementation of the RADIUS server provides a high level of security since it uses asymmetric cryptography.
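The RFC 2865 PAP exchange described above, written out as an added example that is not part of the original essay: the network access server hides the password with the shared secret, the server compares it with its stored credentials and answers Accept or Reject, and the access server checks the Response Authenticator on the reply. The function names, the in-memory user table and the sample secret are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def xor_blocks(data, secret, req_auth, hiding):
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def hide_password(password, secret, req_auth):
    size = max(16, -(-len(password) // 16) * 16)        # pad with NULs to a multiple of 16
    return xor_blocks(password.ljust(size, b"\x00"), secret, req_auth, True)

def reveal_password(hidden, secret, req_auth):
    return xor_blocks(hidden, secret, req_auth, False).rstrip(b"\x00")

def build_request(ident, user, password, secret):
    """NAS side: Access-Request carrying User-Name and the hidden User-Password."""
    req_auth = os.urandom(16)                           # fresh Request Authenticator
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, req_auth))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(request, secret, users):
    """Server side: compare credentials with the stored ones, answer Accept or Reject."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, body, attrs, i = request[4:20], request[20:length], {}, 0
    while i + 2 <= len(body) and 2 <= body[i + 1] <= len(body) - i:
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    stored = users.get(attrs.get(USER_NAME))            # constructed user table, not a real DB
    given = reveal_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    ok = stored is not None and hmac.compare_digest(given, stored)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()

def verify_reply(reply, request, secret):
    """NAS side: a reply forged or altered without the shared secret fails this check."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```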

Conclusion

Wireless networks should be highly secured since they are highly vulnerable. Security of data ensures confidentiality, integrity and availability of data in any wireless network. It is also recommended that any data transmitted through a network be highly encrypted to prevent it from falling into the wrong hands. Wireless networks should be provided with RADIUS servers and WPA2 security features because they totally keep the network safe and they are attacker-free, meaning hackers can't crack their passwords.

References

[1] Christian Barnes, Tony Bautts, Donald Lloyd, Eric Quellet, Jeffery Bosluns, David M. Zendzian, and Neal O'Farrell (technical editor), Hack Proofing Your Wireless Network. USA: Syngress Media, 2006.

[2] Matthew Gast, "Seven security problems of 802.11 wireless", An AirMagnet Technical White Paper, https://www.fewireless.com/wireless/wlan_library/am_tech.pdf, December 2009.

[3] Brandon Brown, "802.11: the security differences between b and i", IEEE Potentials, Vol. 22, No. 4, pp. 23-27, October/November 2012.

[4] Shapiro, Carl, Varian, R. Hal, Information Rules, Harvard Business School Press, pp. 236, 2006.

[5] Foster, Matt, Wireless Local Area Networking: An Introduction, February 2008, [online] Available:

[6] Borisov, Goldberg, Wagner, Intercepting Mobile Communications: The Insecurity of 802.11, February 2009, [online] Available:

[7] Arbaugh, A. William, Shankar, Narendar, Your 802.11 Wireless Network has No Clothes, March 2001, [online] Available:

[8] Arbaugh, A. William, Mishra, Arunesh, An Initial Security Analysis of the IEEE 802.1X Standard, February 2014, [online] Available:

[9] Ellison, Carl, Exploiting and Protecting Wireless Networks, Sept 2011, [online] Available:

[10] Aboba, Bernard, WEP2 Security Analysis, May 2013, [online] Available:

[11] Arbaugh, A. William, An Inductive Chosen Plaintext Attack Against WEP/WEP2, March 2013, [online] Available:

[12] Cam-Winget, Moore, Stanley, Walker, IEEE 802.11i Overview, December 2008, [online] Available:

[13] Karygiannis, Tom, Owens, Les, "Wireless Network Security: 802.11 Bluetooth and Handheld Devices", NIST Special Publication 800-48, November 2007.

[14] Eaton, Dennis, Diving into the 802.11i Spec: A Tutorial, September 2003, [online] Available:

[15] Badson, Karl, Exploiting, Protecting Wireless Networks, Sept 2007, [online] Available:

[16] Denson, Swali, WEP2 Security Analysis, May 2008, [online] Available:

[17] Arbaugh, A. William, An Inductive Chosen Plaintext Attack Against WEP/WEP2, March 2002, [online] Available:

[18] Cam-Winget, Moore, Stanley, Walker, IEEE 802.11i Overview, December 2008, [online] Available:

[19] Panoroya, Tom, Owens, Les, "Wireless Network Security: 802.11 Bluetooth and Handheld Devices", NIST Special Publication 800-48, November 2007.

[20] Moha, Sis, Diving into the 802.11i Spec: A Tutorial, September 2010, [online] Available:
