Wireless networking is still a somewhat new, and emerging technology. Its popularity continues to grow and more and more organizations are deploying wireless networks, or exploring what the benefits might be if they choose to implement a wireless network. They can make users more productive, and more efficient, but they can also create a huge security risk if not properly configured.

The original wireless security mechanism, WEP (Wired Equivalent Privacy), was quickly shown to have fatal flaws which render it barely better than having no security at all. In fact, perhaps no security at all is better because at least then you know you are insecure and you don’t have the illusion that you may be secure.

Aside from a fundamental flaw in the implementation of the encryption algorithm, one issue with WEP is its reliance on a pre-shared key. Basically, connecting with a WEP-protected wireless network requires that you know what the password, or key is. There is no efficient means of changing the WEP key, and the flaws in the WEP encryption make it trivial for an attacker to obtain the WEP key, so unauthorized access to a WEP-protected wireless network is a relatively simple affair.

WPA (Wi-Fi Protected Access), and subsequently WPA2, are designed to comply with the 802.11i standard which calls for authentication through an 802.1X-compliant or RADIUS server. You can still use WPA in PSK (pre-shared key) mode, and it has superior encryption and automatically cycles the key so it is more secure than WEP. However, requiring users to actually authenticate in order to gain access, rather than just knowing the “magic word”, is significantly more secure and provides a means of logging and tracking access.

There are expensive methods of implementing authentication, and there are cheap methods. You can get RADIUS-enabled wireless switches anywhere from $1,000 to $25,000 or more each. But, if you have Windows Server 2003 in your environment you already have a free solution available to you: Internet Authentication Service (IAS) (it has been replaced with Network Policy Server (NPS) in the upcoming Windows Server 2008).

Of course, there will be an impact to the performance of the server if you add additional roles, so you need to make sure that your server has enough processor and memory horsepower to handle the workload. The authentication solution also requires a user database of some sort. Being a Windows Server based solution, Active Directory springs to mind as the obvious choice. And, depending on the EAP (Extensible Authentication Protocol) method you select you may also require a certificate server of some sort.

Overall though, if you have a Windows Server 2003 network you already possess the technology to secure your wireless network and provide authentication to secure it from unauthorized users. You can find all of the details you need to know to effectively implement IAS authentication on Microsoft Technet.

Enter your email address to get Hack Report news via email:

3 Comments

Comments RSS TrackBack Identifier URI

Leave a comment

Name (required)

Mail (will not be published) (required)

Website