In this sub module we will discuss some more ways of wireless network security. Users can adopt one or more security measure to protect the information on a wireless network.
Access Control List
ACL is an important part of network access security. The ACL is a list of allowed users, media access control (MAC) addresses and IP addresses. It allows us to dictate who and who is not allowed to talk on a network and whose allowed to send packets over to certain parts of our network; which provides protection against unauthorized users who can transmit data. The ACL list allows for:
- Media access control (MAC) filtering
- IP filtering
- Port filtering
Tunnelling and Encryption
Tunnelling and encryption are a good means of network control. The main concept with tunnelling and encryption is the Virtual Private Network (VPN). A VPN is an encrypted private tunnel over a public network. Basically, it’s a means of creating a private network on a public interface. The protocols that form a Virtual Private Network are –
- Secure Socket Layer (SSL) VPN – Web browser based VPN (HTTPS).
- Transport Layer Security (TLS) – More common HTTPS.
- Transport Layer Security 2 (TLS2) – Enhanced security, hashing checks.
- Peer to Peer Tunnelling Protocol (PPTP) – Older dialup protocol, adds client on virtual node and has weak encryption. It is not recommended.
- Layer 2 Tunnelling Protocol – Carries layer 2 traffic and has no encryption by itself but utilizes IPsec, RADIUS and TACAS +.
IPSec / IP Security
IP Security, also known as IPSec is the protocol that allows the encryption of layer 3 communications with point to point connections. IP sec uses a number of sub protocols –
- Encapsulated Security Payload (ESP) – It encrypts content with symmetrical algorithm.
- Authentication Header (AH) – It creates checks sum and hashes a data packet.
- IP Comp/IP Payload Compression – It compresses IP payload.
- Internet Key Exchange (IKE) – It negotiates shared secret. In transport mode, it encrypts data while in tunnel mode it encrypts packets.
- Internet Security Association on Key Management Protocol (ISAKMP) – This is the procedure that works with IPSec Communications. It exchanges keys and provides security association and then creates the tunnel.
Remote Access Protocols can work over a local area network (LAN) as well as on a VPN. These protocols include –
- Remote Access Server (RAS) – This is the server role providing remote access into a network; it may be on a parameter or forward data from VPN concentrator.
- Remote Desktop (RDP) – Peer to peer connectivity for another computer and appropriate permissions are needed.
- Point to Point over Ethernet (PPPoE) – It encapsulate PPP packet in Ethernet frame and connect multiple users to Internet through DSL; set up to connect to ISP and provide username and password.
- Independent Computing Architecture (ICA) – This uses Citrix protocol and is a platform remote application connection. The applications run on one computer to be controlled by another computer.
SSH (Secure Shell)
Secure shell allows us to have a secure connection from user machine to a remote machine. Secure shell uses public key encryption as well as data communication, command line login and other remote management.