Components of a Secure Network
Required components when securing a network are:
Data Privacy and Integrity
Access to Wireless medium is unrestricted hence the use of cipher encryption technologies is needed for proper data privacy.
A cipher is an algorithm that is used to perform encryption:
- RC4 algorithm ( Ron’s Code / Rivest Cipher)
- It encrypts data in a continuous stream (streaming cipher)
- Used in technologies used to protect Internet traffic eg SSL (Secure Socket Layer)
- Incorporated into 2 legacy encryption methods: WEP and TKIP
- Advanced Encryption Standard Algorithm (AES) / Rijndael Algorithm
- Encrypts data in fixed blocks
- Much stronger than RC4
- Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption method
- Encryption key strength options are 128, 192 or 256 bits.
To ensure that the data has not been tampered the encryption menthods use data Integrity Checks.
- WEP uses Integrity Check Value ( ICV)
- TKIP – Message Integrity Check (MIC)
- CCMP – Message Integrity Check (MIC) but stronger than for TKIP
Authentication, Authorization and Accounting (AAA)
Defines the protection of network resources.
- Refers to the verification of Identity and credentials
- Multifactor authentication is more secure and requires the use of at least 2 different types of credentials
- Determines whether or not a devices is authorized to access network resources
- Only happens after successful authentication
- Helps to track the use of network resources by users and devices
- This is the separation of user traffic within the network
- Achieved by the use of VLANs and Identity based mechanisms (firewalls, VPNS, routers)
Wireless Intrusion Detection Systems (wIDS) can be used to monitor. It protects against possible attacks.
This is needed to cement all the above components. It protects against possible attacks.
- CWNA Certified Wireless Network Administrator Study Guide by David D. Coleman and David A. Westcott.