Comptia Network+ Tutorial: Module 05, Part 02: Wireless Network Security

In this sub-module we discuss further ways of securing a wireless network. Users can adopt one or more of these security measures to protect the information on a wireless network.

Access Control List

An ACL is an important part of network access security. The ACL is a list of allowed users, media access control (MAC) addresses and IP addresses. It lets us dictate who is and who is not allowed to talk on a network, and who is allowed to send packets to certain parts of our network; this provides protection against unauthorized users transmitting data. An ACL allows for:

  • Media access control (MAC) filtering
  • IP filtering
  • Port filtering
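The three filtering types above combine naturally into one ordered rule list with an implicit deny at the end. The following evaluator is an added example written for this tutorial, not code from the original page: rules, MAC addresses and IP ranges are all constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Packet:
    src_mac: str   # source station (used for MAC filtering)
    src_ip: str    # source address (used for IP filtering)
    dst_port: int  # destination port (used for port filtering)

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    mac: Optional[str] = None     # exact source MAC, or None for any
    network: Optional[str] = None # CIDR the source IP must fall in, or None for any
    port: Optional[int] = None    # destination port, or None for any

    def matches(self, pkt: Packet) -> bool:
        # Every field that is set must match; unset fields are wildcards.
        if self.mac is not None and pkt.src_mac.lower() != self.mac.lower():
            return False
        if self.network is not None:
            net = ipaddress.ip_network(self.network, strict=False)
            if ipaddress.ip_address(pkt.src_ip) not in net:
                return False
        if self.port is not None and pkt.dst_port != self.port:
            return False
        return True

def evaluate(acl: List[Rule], pkt: Packet) -> str:
    # First matching rule wins, as on most access points and routers.
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny: anything not explicitly permitted is dropped

# Constructed sample ACL (hypothetical addresses, not from the page).
ACL = [
    Rule("deny", mac="00:11:22:33:44:55"),                # MAC filtering: block one station
    Rule("permit", network="192.168.1.0/24", port=443),  # IP + port: LAN clients may use HTTPS
    Rule("permit", network="192.168.1.0/24", port=22),   # IP + port: LAN clients may use SSH
    Rule("deny", network="192.168.1.0/24"),              # everything else from the LAN is dropped
    Rule("permit", network="10.0.0.0/8"),                # IP filtering: trusted internal range
]

def check(mac: str, ip: str, port: int) -> str:
    """Return the ACL decision for a single constructed packet."""
    return evaluate(ACL, Packet(mac, ip, port))

if __name__ == "__main__":
    print(check("aa:bb:cc:dd:ee:ff", "192.168.1.10", 443))  # permit
    print(check("aa:bb:cc:dd:ee:ff", "192.168.1.10", 23))   # deny
```

Because the blocked station's MAC rule sits first, it is denied even on a port the LAN rule would otherwise permit; note that MAC addresses can be changed by the sender, so MAC filtering complements authentication and encryption rather than replacing them.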

Tunnelling and Encryption

Tunnelling and encryption are a good means of network control. The main concept behind tunnelling and encryption is the Virtual Private Network (VPN). A VPN is an encrypted private tunnel over a public network; basically, it is a means of creating a private network on a public interface. The protocols that form a Virtual Private Network are –

  • Secure Sockets Layer (SSL) VPN – Web browser based VPN (HTTPS).
  • Transport Layer Security (TLS) – More common HTTPS.
  • Transport Layer Security 2 (TLS2) – Enhanced security, hashing checks.
  • Point-to-Point Tunnelling Protocol (PPTP) – Older dial-up era protocol; it attaches the client as a virtual node and has weak encryption. It is not recommended.
  • Layer 2 Tunnelling Protocol (L2TP) – Carries layer 2 traffic and has no encryption by itself, but utilizes IPsec, RADIUS and TACACS+.

IPSec / IP Security

IP Security, also known as IPSec, is the protocol that allows the encryption of layer 3 communications over point-to-point connections. IPSec uses a number of sub-protocols –

  • Encapsulating Security Payload (ESP) – It encrypts content with a symmetric algorithm.
  • Authentication Header (AH) – It creates a checksum and hashes a data packet.
  • IP Comp/IP Payload Compression – It compresses the IP payload.
  • Internet Key Exchange (IKE) – It negotiates the shared secret. In transport mode only the data payload is encrypted, while in tunnel mode the entire packet is encrypted.
  • Internet Security Association and Key Management Protocol (ISAKMP) – This is the procedure that works with IPSec communications. It exchanges keys, provides the security association and then creates the tunnel.

Remote Access

Remote access protocols can work over a local area network (LAN) as well as over a VPN. These protocols include –

  • Remote Access Server (RAS) – This is the server role providing remote access into a network; it may sit on the perimeter or forward data from a VPN concentrator.
  • Remote Desktop Protocol (RDP) – Peer-to-peer connectivity to another computer; appropriate permissions are needed.
  • Point-to-Point Protocol over Ethernet (PPPoE) – It encapsulates PPP packets in Ethernet frames and connects multiple users to the Internet through DSL; it is set up to connect to an ISP and supplies a username and password.
  • Independent Computing Architecture (ICA) – This uses the Citrix protocol and is a platform for remote application connections. The applications run on one computer and are controlled from another computer.

SSH (Secure Shell)

Secure Shell allows us to have a secure connection from a user machine to a remote machine. Secure Shell uses public key cryptography and provides encrypted data communication, command line login and other remote management.