Sunday, October 21, 2012
Privacy
All wireless communication technologies use one form of encryption or another for protection. Networks that conform to the IEEE 802.11 standard use WEP to encrypt information; depending on the class of device, the encryption can be 64- or 128-bit. Bluetooth has three protection modes. The most secure of them, Security Mode 3 (link level enforced security), works with session keys (Bond) that are generated while two devices are being connected and are used for connection setup, identification and data transmission between the two devices. In any case, the data protection problem for wireless communication devices remains: it is still relatively easy to capture the signal from the air and, it should be mentioned, to decode it. 802.11b provides data control at the MAC level and an encryption mechanism known as Wired Equivalent Privacy (WEP), which can be enabled or disabled. When WEP is turned on, it protects only the data in the packet, not the header, so all connected devices can "view" passing data. For access control, each access point has an ESSID (or WLAN Service Area ID); a station that does not know it cannot connect to the access point. In addition, the access point can keep a list of "allowed" MAC addresses of authorized devices, admitting to the network only the devices on that list. Data is encrypted with the RC4 algorithm and a 40-bit key, but there are simpler encryption methods as well. When deciding which device to buy, pay attention to this parameter: to make products cheaper, some manufacturers of wireless communication devices use simpler encoding algorithms.
Wired Equivalent Privacy (WEP) is an encryption technology used to protect communications in IEEE 802.11 networks; the standard form is 64 bits with a 40-bit key. Two authentication methods can be used with WEP: Open System and Shared Key.
"The problem now is that the servers were attacked and feet in less than an hour and a half, so this WEP technology is not intended for widespread use. This assistance comes Wi-Fi Protected Access (WPA) and the new version - WPA2 - encryption technologies based on the IEEE 802.11i standard. They generate keys that change each hour, hour and a half. These standards are not completely unbreakable, but are very difficult to attack and decryption "
One of the key technologies in WPA is the Temporal Key Integrity Protocol (TKIP), which is part of the IEEE 802.11i standard for encrypting wireless networks. WPA makes it possible to check packet integrity, provides a mechanism for changing the key automatically, and supports authentication.
One version of WPA is WPA-PSK (pre-shared key). As with WEP, a static key has to be chosen, but it is then changed automatically at regular intervals.
The RADIUS server plays an important role in this chain of wireless communication components. It takes part in the authentication process and is a software component that is also tied to data security. The server runs on one of the devices on the network and is based on the most popular operating systems. The administrator must configure the access point with the address and port of the RADIUS server. The server then knows that the access point is the element of the communication chain that will connect to it. When a client requests a connection through this access point, the traffic that passes is the traffic permitted by the result of the authentication process. Authentication is done with a certificate and the user's password, which achieves a high level of security and is used by residential customers and by businesses of all levels. http://networkworld.bg
Many companies that use a wireless solution for data transmission (WLAN) face new problems in defense. The right way to solve such problems is a combination of administrative and technical methods.
We will cover the technical aspects of using software and hardware designed to detect WLAN intrusions and to counter these attacks.
Unfortunately, the widespread deployment of Wi-Fi adapters and computers not only makes users' lives easier but also lowers the level of protection of corporate networks. In effect, wireless technology is a "broadband" that gives additional opportunities to break into the network and steal data. Attackers' actions against wireless networks fall into two groups: passive (monitoring, interception and recording of the intercepted information) and active (obtaining data that helps to overcome the protection through social engineering, fraud, etc.).
An attacker acting passively in a WLAN is difficult to stop. Traffic-monitoring products keep improving, their price drops every month, and they are becoming accessible to a broader audience. In addition, information in wireless networks usually "leaks" outside the secure perimeter and can easily be intercepted. The signal can be contained only to a limited extent, so under these circumstances the main task of the information security department is to complicate the data transmission as much as possible.
An active attack on a corporate WLAN is tantamount to a declaration of war. In that case the whole arsenal of monitoring and countermeasure tools is turned on the attackers. Companies that use wireless technologies and care about their own information security need an arsenal of tools with at least the following features (other, additional options make the system more convenient):
• Detection and accurate automatic classification of multiple simultaneous active attacks on the network;
• Automatic countering of multiple attacks, with the ability to detect and classify new types of attacks, while maintaining the performance of the WLAN;
• Identification of the location, or at least the direction, of the equipment of the intruder who broke into the corporate network;
• Notification of the staff responsible for the security of the corporate network about all incidents.
Regarding the third point, imagine that in your company's office, with an area of 20 thousand square meters, one of the employees has connected their own Wi-Fi access point to the corporate network. Its settings are the defaults, and it becomes an easily accessible point of entry for attackers. Some indirect signs can indicate the approximate location of the intruder, but the coverage area of a single access point reaches 7,000 square meters, so the search for the "offender" is very difficult.
We will look at a specific example of how these functions are implemented. The HiGuard module, integrated into the Siemens HiPath Wireless Manager management system for wireless networks, is a software and hardware solution that runs under Windows Server 2003 with Siemens HiPath Wireless Manager. With HiGuard, sensors monitor the surrounding area. The role of sensors is played by ordinary AP2610 and AP2620 wireless access points. If necessary, an access point can be switched from standard wireless mode to sensor mode. This gives greater flexibility in optimizing the performance and the coverage area of the wireless network. Each sensor can counteract 20 attacks on the wireless network at the same time while monitoring continuously.
HiGuard lets you tie any access point (sensor) to the floor plan of the office space. The graphical depiction of the covered area is a very handy tool. Besides locating real users and malicious "guests" accurately enough, it makes it easy to identify weak spots in the corporate wireless network. Optimal placement of access points as needed becomes quite easy. This is especially important for supporting applications such as voice or video transmission over a wireless network.
The program detects and logs more than 140 types of events. Messages are displayed on the HiGuard control panel, sent by e-mail to the administrator, or passed via the SNMP protocol to higher-level management systems.
HiPath Wireless Manager HiGuard detects and classifies all known variants of threats and counters them effectively before they damage the wireless network. You can also set the level of active response to devices, from simply monitoring the activity of external access points and of Wi-Fi adapters belonging to the company's clients to immediately blocking an access point or "hostile adapter". HiGuard records such hostile access points and adapters in a database, and when the sensors detect these devices again, corrective measures are applied automatically. These measures do not affect the performance of the corporate WLAN and do not disconnect authenticated users.
HiPath Wireless Manager HiGuard is convenient to use: the control panel displays information on all access points and client adapters within the sensors' field of view, and on all events. The panel is also the "starting point" for configuration at a deeper level.
1.5. Security of Wi-Fi networks
Like any computer system, Wi-Fi is a source of increased risk of unauthorized access. Moreover, penetrating a wireless network is much easier than penetrating an ordinary one: you do not have to connect any cables; it is enough to be within range of the signal.
Wireless networks differ from wired ones only at the first two layers, the physical (PHY) and, in part, the data link (MAC) layer, of the seven-layer Open Systems Interconnection model. The higher layers are implemented as in wired networks, and real network security is provided at those layers. The difference in security between the two kinds of network therefore comes down to the difference in security at the physical and MAC layers.
Although Wi-Fi networks today are protected with complex algorithmic and mathematical models for authentication, encryption and data integrity control, the likelihood of unauthorized access to information is still very significant. If the network is not set up with care, an attacker can:
• gain access to the resources and drives of Wi-Fi network users and, through them, to the resources of the LAN;
• eavesdrop on traffic and extract confidential information from it;
• falsify information passing through the network;
• take advantage of the Internet traffic;
• attack users' workstations and network servers;
• introduce false access points;
• send spam and carry out other illegal activities in the name of your network.
The security of 802.11 networks is defined by a set of measures for protecting the transmitted data. When Wi-Fi networks first came into use for access to the local network, that role was played by the SSID (Server Set ID) password, but after a while it turned out that this technology cannot provide reliable protection.
For a long time the basic protection was the use of digital keys to encrypt data with Wired Equivalent Privacy (WEP). The keys themselves are simple passwords 5 to 13 ASCII characters long. Data is encrypted with a key 40 to 104 bits long. However, this is not the whole key, only its static component. To strengthen the protection, a so-called Initialization Vector (IV) is used. It is intended to add randomization to the key, which produces different encryption variants for different data packets. This vector is 24 bits long. The result is a total encryption length of 64 (40 + 24) to 128 (104 + 24) bits, so encryption works with both constant and randomly chosen characters.
But it turned out that this protection can be broken with tools available on the Internet (e.g., AirSnort, WEPcrack). The main weak spot is the initialization vector. Since it is only 24 bits long, there are about 16 million combinations, after which the key starts to repeat. An attacker first has to find these repetitions of the key (from 15 minutes to an hour for a 40-bit key) and then break the rest of the key. After that he can enter the network as an ordinary registered user.
As it turned out later, WEP was also not the most reliable protection technology. In 2001 a new standard, IEEE 802.1X, was introduced for wired and wireless networks. It uses dynamic 128-bit encryption keys, i.e., keys that change periodically over time. Network users thus work in sessions, and at the end of each session they are sent a new key. For example, Windows XP supports this standard, and the default session time is 30 minutes. IEEE 802.1X is a new standard that has been key to the evolution of wireless networks in general. It is based on fixing the shortcomings of the security technologies used in 802.11, in particular the possibility of breaking WEP, dependence on the manufacturer's technology, etc. 802.1X makes it possible to connect even PDA devices to the network, which in turn allows the idea of wireless networking to be used more efficiently. On the other hand, 802.1X and 802.11 are compatible standards. 802.1X uses the same algorithm as WEP, namely RC4, but with some differences. 802.1X is based on the Extensible Authentication Protocol (EAP), the Transport Layer Security (TLS) protocol and the access server Remote Access Dial-in User Server. TLS provides mutual authentication and integrity of the transmitted data. All keys are 128-bit by default.
At the end of 2003 the Wi-Fi Protected Access (WPA) standard was introduced. It combines the advantages of the dynamic key renewal of IEEE 802.1X with encryption by the Temporal Key Integrity Protocol (TKIP), the Extensible Authentication Protocol (EAP) and Message Integrity Check (MIC) technology. WPA is a temporary standard that equipment manufacturers agreed on until IEEE 802.11i takes effect. In effect, WPA = 802.1X + EAP + TKIP + MIC, where:
• WPA - technology to secure access to wireless networks;
• EAP - extended authentication protocol (Extensible Authentication Protocol);
• TKIP - Protocol integrating the temporary key (Temporal Key Integrity Protocol);
• MIC - technology for message integrity checking (Message Integrity Check).
TKIP uses automatically selected keys that are created in an unpredictable manner, with a total of 500000000000 variations. A complex hierarchical key selection algorithm and dynamic replacement of the keys after every 10 KB (10000 transmitted packets) make the system maximally protected. Message Integrity Check technology also protects against interception and alteration of information. A fairly complex mathematical algorithm compares the data sent from one point with the data received at the other. If changes are detected and the result of the comparison does not match, the data is considered false and is discarded.
Of course, TKIP is not yet the best way to implement encryption; new algorithms based on the Advanced Encryption Standard (AES), which has long been used in VPNs, are coming onto the scene. As for WPA, AES support is already implemented in Windows XP, though for now only optionally.
Alongside these processes, numerous independent security standards are being developed. Various companies work in this area, with Intel and Cisco particularly prominent. In 2004 WPA2 and 802.11i appeared, now considered the most secure.
Thus ordinary users and network administrators now have all the means necessary to protect Wi-Fi reliably, and in the absence of obvious mistakes they can always ensure a level of security that matches the importance of the information held on such a network.
Today a wireless network is considered secure if three main security components are in place: user authentication, privacy and integrity of data transmission. To reach a sufficient level of security, a number of rules must be followed when organizing and setting up a private Wi-Fi network:
1. Encrypt data using different systems;
2. The maximum level of security is provided by implementing a VPN;
3. Use the 802.1X protocol;
4. Deny access to the settings of the access point over the wireless connection;
5. Control client access by MAC address; ...
Powered By | Dimitar Ivanov Via IT Logistic Center Ltd