
Wi-Fi encryption - which protocol should you choose? What is the difference between WPA (WPA2) and WPA-PSK (WPA2-PSK). Difference between WPA2, WPA, WEP Wi-Fi protocols

Security is a major concern for all wireless LANs (and, for that matter, all wired LANs), just as it is for any Internet user. It is a complex issue that requires constant attention. A user can suffer serious harm by using random hotspots or open Wi-Fi access points at home or in the office without encryption or a VPN (Virtual Private Network). This is dangerous because the user enters personal or professional data while the network is not protected from intrusion.

WEP

It was initially difficult to provide adequate security for wireless LANs.

Attackers could easily connect to almost any Wi-Fi network by breaking early security schemes such as Wired Equivalent Privacy (WEP). These events left their mark, and for a long time some companies were reluctant to deploy wireless networks, or did not deploy them at all, fearing that data transmitted between wireless devices and Wi-Fi access points could be intercepted and decrypted. Thus, this security model slowed down the integration of wireless networks into business and made users nervous about using Wi-Fi networks at home. The IEEE then created the 802.11i working group, which set out to create a comprehensive security model providing 128-bit AES encryption and authentication to protect data. The Wi-Fi Alliance released its own interim version of the 802.11i security specification: Wi-Fi Protected Access (WPA). WPA combines several technologies to address the vulnerabilities of 802.11 WEP. Thus, WPA provides strong user authentication using the 802.1x standard (mutual authentication and encapsulation of data transmitted between wireless client devices, access points and a server) and the Extensible Authentication Protocol (EAP).

The principle of operation of security systems is schematically shown in Fig. 1.

WPA also includes a temporary fix for the WEP encryption engine: it uses 128-bit key encryption and the Temporal Key Integrity Protocol (TKIP). The message checksum (MIC) prevents data packets from being altered or formatted. This combination of technologies protects the confidentiality and integrity of data transmission and ensures security by controlling access so that only authorized users can access the network.

WPA

WPA further enhances security and access control by creating a new, unique master key for communication between each user's wireless device and the access point, and for each authentication session. It also uses a random key generator and generates a key for each packet.

The IEEE ratified the 802.11i standard in June 2004, greatly expanding many of its capabilities thanks to WPA technology. The Wi-Fi Alliance strengthened its security module in the WPA2 program. Thus, the security of 802.11 Wi-Fi data transmission reached the level required for deploying wireless solutions and technologies in enterprises. One of the significant changes in 802.11i (WPA2) over WPA is the use of the 128-bit Advanced Encryption Standard (AES). WPA2 uses AES in Counter with CBC-MAC mode (a block cipher mode of operation that allows a single key to be used for both encryption and authentication) to ensure data confidentiality, authentication, integrity, and replay protection. 802.11i also offers key caching and pre-authentication for ordering users by access point.

WPA2

With the 802.11i standard, the entire chain of the security module (login, authorization, authentication and data encryption) becomes more reliable and provides effective protection against non-targeted and targeted attacks. WPA2 allows the Wi-Fi network administrator to shift attention from security issues to operations and device management.

The 802.11r standard is a modification of the 802.11i standard. This standard was ratified in July 2008. The technology of the standard transfers key hierarchies more quickly and reliably, based on the Handoff technology, as the user moves between access points. The 802.11r standard is fully compliant with the 802.11a / b / g / n WiFi standards.

There is also the 802.11w standard, which is designed to enhance the security mechanism based on the 802.11i standard. This standard is designed to protect control packages.

802.11i and 802.11w standards are mechanisms for protecting WiFi networks of the 802.11n standard.

Encrypting files and folders in Windows 7

The encryption function allows you to encrypt files and folders that will later be impossible to read on another device without a special key. This feature is present in such versions of Windows 7 as Professional, Enterprise or Ultimate. Next, we will highlight how to enable encryption of files and folders.

Enabling file encryption:

Start -> Computer (select a file for encryption) -> right-click the file -> Properties -> Advanced (General tab) -> Additional attributes -> put a check mark in the item "Encrypt content to protect data" -> OK -> Apply -> OK (select "Apply to file only") ->

Enabling folder encryption:

Start -> Computer (select a folder for encryption) -> right-click the folder -> Properties -> Advanced (General tab) -> Additional attributes -> put a check mark in the item "Encrypt content to protect data" -> OK -> Apply -> OK (select "Apply to file only") -> close the Properties dialog (click OK or Close).

WPA encryption means using a secured Wi-Fi network. WPA stands for Wi-Fi Protected Access, that is, protected access.

Most system administrators know how to configure this protocol and know a lot about it.

But ordinary people can learn a lot about what WPA is, how to set it up and how to use it.

True, on the Internet you can find many articles on this matter, from which it is impossible to understand anything. Therefore, today we will speak in simple language about difficult things.

A bit of theory

So, WPA is a protocol, technology, program that contains a set of certificates used in transmission.

In simpler terms, this technology allows you to use various methods to secure your Wi-Fi network.

This can be an electronic key, which also serves as a special certificate of the right to use the network (we will talk about this later).

In general, with the help of this program, only those who have the right to do so will be able to use the network, and that's all you need to know.

For reference: Authentication is a means of protection that allows you to establish the identity of a person and his right to access the network, by matching the reported and expected data.

For example, a person can authenticate when they apply their own fingerprint. If he just enters a username and password, this is only authorization.

But the fingerprint allows you to check whether it is really this person logging in, and not someone who took his data and logged in with it.

Fig. 1. Smartphone fingerprint scanner

And also on the diagram there is a WLC - a wireless LAN controller. On the right is the authentication server.

All this is connected by a regular Switch (a device that simply connects various network devices). The key is sent from the controller to the authentication server and is stored there.

The client, when trying to connect to the network, must transmit to the LAP a key that it knows. This key goes to the authentication server and is compared with the desired key.

If the keys match, the signal is freely distributed to the client.

Fig. 2. An example WPA scheme in Cisco Packet Tracer

Components of WPA

As we said above, WPA uses special keys that are generated every time you try to start signal transmission, that is, turn on Wi-Fi, and also change once in a while.

WPA includes several technologies at once that help generate and transmit these same keys.

The figure below shows the general formula, which includes all the components of the technology under consideration.

Fig. 3. Formula with WPA components

Now let's look at each of these components separately:

  • 802.1X is a standard that is used to generate that very unique key, with which authentication occurs in the future.
  • EAP is the so-called Extensible Authentication Protocol. It is responsible for the format of the messages by which the keys are transmitted.
  • TKIP is a protocol that allowed expanding the key size to 128 bytes (earlier, in WEP, it was only 40 bytes).
  • MIC is a mechanism for checking messages (in particular, they are checked for integrity). If the messages do not meet the criteria, they are sent back.

It is worth saying that now there is WPA2, which, in addition to all of the above, also uses CCMP and AES encryption.

We will not talk about what it is now, but WPA2 is more reliable than WPA. That's all you really need to know.

Once again from the start

So there you have it. The network uses WPA technology.

To connect to Wi-Fi, each device must provide a user certificate, or, more simply, a special key issued by the authentication server.

Only then will he be able to use the network. That's all!

Now you know what WPA is. Now let's talk about what is good and what is bad about this technology.

Advantages and Disadvantages of WPA Encryption

The advantages of this technology include the following:

  1. Enhanced security of data transmission (compared to WEP, the predecessor of WPA).
  2. Tighter control over Wi-Fi access.
  3. Compatible with a wide range of devices that are used to organize a wireless network.
  4. Centralized security management. The center in this case is the authentication server. This prevents attackers from gaining access to hidden data.
  5. Enterprises can use their own security policies.
  6. Easy to set up and use.

Of course, this technology also has disadvantages, and they often turn out to be very significant. In particular, we are talking about the following:

  1. TKIP can be cracked in a maximum of 15 minutes. This was announced by a group of specialists in 2008 at the PacSec conference.
  2. In 2009, specialists from the University of Hiroshima developed a method to hack any network using WPA in one minute.
  3. With the help of a vulnerability that specialists named Hole196, you can use WPA2 with your own key, and not with the one required by the authentication server.
  4. In most cases, any WPA can be hacked by the usual enumeration of all possible options (brute force), as well as by the so-called dictionary attack. In the second case, the options are tried not in a chaotic order, but according to a dictionary.

Of course, in order to take advantage of all these vulnerabilities and problems, it is necessary to have special knowledge in the field of building computer networks.

For most ordinary users, none of this is available. Therefore, you don't have to worry about someone gaining access to your Wi-Fi.

Fig. 4. Cracker and computer

Good day, dear readers of the blog site! Today we will talk about DIR-615 wireless security and about network security in general. I will tell you what WPA is. Next, I will give you step-by-step instructions for setting up a wireless network using the wizard, in both the automatic and manual modes of assigning a network key. Below I will show how to add a wireless device using the WPS wizard. Finally, I will describe the configuration of WPA-Personal (PSK) and WPA-Enterprise (RADIUS).

Network Security

In this article, as promised, I will write about the different levels of security that you can use to protect your data from intruders. DIR-615 offers the following types of security:

What is WPA?

WPA, or Wi-Fi Protected Access, is a Wi-Fi standard that was designed to improve on the security capabilities of WEP.

2 major improvements over WEP:

  • Improved data encryption through TKIP. TKIP mixes keys using a hashing algorithm and adds an integrity checker to ensure that the keys cannot be tampered with. WPA2 is based on 802.11i and uses AES instead of TKIP.
  • User authentication, which is generally absent in WEP, through EAP. WEP regulates access to a wireless network based on the computer's specific hardware MAC address, which is relatively easy to find out and steal. EAP is built on a more secure public key encryption system to ensure that only authorized network users can access the network.

WPA-PSK / WPA2-PSK uses a passphrase or key to authenticate your wireless connection. This key is an alphanumeric password from 8 to 63 characters in length. The password can include symbols (!?*&_) and spaces. This key must be exactly the same as the key entered on your wireless router or access point.
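
The passphrase rules above follow from how WPA-PSK and WPA2-PSK turn a passphrase into a key. The Python code below is an added example, not part of the original article or of the router's firmware: it checks the 8 to 63 character rule, derives the 256-bit pre-shared key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt) as IEEE 802.11i specifies, and flags passphrases that a dictionary would cover. The function names and the short common-password list are constructed for illustration.

```python
import hashlib
import math
import string

# Constructed sample of dictionary passwords (assumption: a real check
# would load a much larger wordlist).
COMMON = {"password", "12345678", "qwertyuiop", "iloveyou1", "admin1234"}


def format_problems(passphrase):
    """Return format violations; an empty list means a valid passphrase."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems


def estimate_bits(passphrase):
    """Upper bound on guessing cost: length * log2(character pool size).

    It overstates the strength of dictionary words, which is why
    strength_problems() also consults the wordlist.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII symbols, including the space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def strength_problems(passphrase, min_bits=60):
    """Flag passphrases that are valid in format but cheap to guess."""
    problems = []
    if passphrase.lower() in COMMON:
        problems.append("found in common-password list")
    if estimate_bits(passphrase) < min_bits:  # min_bits is an assumed policy
        problems.append("estimated search space below %d bits" % min_bits)
    return problems


def derive_pmk(passphrase, ssid):
    """Derive the 32-byte pre-shared key the router and client both compute."""
    problems = format_problems(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    # Test vector from IEEE 802.11i: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # The SSID is the salt, so the same passphrase gives a different key
    # on a differently named network.
    print(derive_pmk("password", "home").hex())
    print(strength_problems("password"))
```

Because the SSID is the only salt, a factory-default network name combined with a dictionary passphrase is the weakest pairing; a unique SSID and a long random passphrase address both.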

WPA / WPA2 enables user authentication via EAP. EAP is built on a more secure public key encryption system to ensure that only authorized network users can access the network.

Wireless Setup Wizard

To start the security wizard, open Setup and then press the Wireless Network Setup Wizard button.

Automatic Network Key Assignment

Once this screen appears, the installation is complete. You will be presented with a detailed report of your network security settings.
Click Save to continue.

Manual Network Key Assignment

Choose a wireless security password. It must be exactly 5 or 13 characters long. It can also be exactly 10 or 26 characters long using 0-9 and A-F.
Click to continue.

Installation completed. You will be provided with a detailed report of your wireless security settings. Click Save to complete the security wizard.

Add Wireless Device using WPS Wizard

PBC: Select this option to use the PBC method to add a wireless client. Click Connect.

WPA-Personal (PSK) configuration

It is recommended that you enable encryption on your wireless router before enabling your wireless network adapters. Please set up wireless connectivity before enabling encryption. Your wireless signal may degrade when you enable encryption due to additional overhead.


WPA-Enterprise Configuration (RADIUS)

It is recommended that you enable encryption on your wireless router before enabling your wireless network adapters. Please set up wireless connectivity before enabling encryption. Your wireless signal may degrade when you enable encryption due to additional overhead.

  1. Log in to the Web Based Configuration Utility by opening a web browser window and entering the IP address of the router (192.168.0.1). Click Setup, and then Wireless Settings on the left side.
  2. Next, in Security Mode, select WPA-Enterprise.
    Comment: Disable

Good day, dear friends, acquaintances and other personalities. Today we'll talk about WiFi encryption, which is logical from the title.

I think that many of you use such a thing as, which means, most likely, also Wi-Fi on them for your laptops, tablets and other mobile devices.

It goes without saying that this very Wi-Fi must be password-protected, otherwise harmful neighbors will use your Internet for free, or even worse, your computer :)

It goes without saying that in addition to the password, there are also all sorts of different types of encryption of this very password, more precisely, your Wi-Fi protocol so that it is not only not used, but also cannot be hacked.

In general, today I would like to talk a little with you about such a thing as WiFi encryption, or rather these same WEP, WPA, WPA2, WPS and others like them.

Ready? Let's get started.

WiFi encryption - general information

To begin with, let's talk in a very simplified way about how authentication with a router (server) looks like, that is, what the process of encryption and data exchange looks like. This is how we get the picture:

That is, at first, as a client, we say that we are we, that is, we know the password (green arrow on top). The server, let's say a router, rejoices and gives us a random string (it is also the key with which we encrypt the data), and then the data is exchanged encrypted with this same key.

Now let's talk about the types of encryption, their vulnerabilities, and more. Let's start in order, namely with OPEN, that is, with the absence of any cipher, and then move on to the rest.

Type 1 - OPEN

As you already understood (and I just said), OPEN is in fact the absence of any protection, i.e. Wi-Fi encryption is absent altogether, and neither you nor your router does anything to protect the channel and the transmitted data.

Wired networks work exactly according to this principle: they have no built-in protection, and by "cutting" into the cable or simply connecting to a hub / switch / router, a network adapter will receive the packets of all devices in this network segment in the clear.

However, with a wireless network, you can "cut in" from anywhere, 10-20-50 meters away and more, and the distance depends not only on the power of your transmitter, but also on the length of the hacker's antenna. Therefore, open data transmission over a wireless network is much more dangerous, because in fact, your channel is available to everyone.

Type 2 - WEP (Wired Equivalent Privacy)

One of the very first types of Wi-Fi encryption is WEP. It came out back in the late 90s and is, at the moment, one of the weakest types of encryption.

In many modern routers, this type of encryption is completely excluded from the list of options for choosing:

It should be avoided in much the same way as open networks - it provides security only for a short time, after which any transmission can be fully disclosed, regardless of the complexity of the password.

The situation is aggravated by the fact that passwords in WEP are either 40 or 104 bits, which is an extremely short combination that can be guessed in seconds (this is without taking into account errors in the encryption itself).

The main problem with WEP is a fundamental design error. WEP actually transmits a few bytes of this same key along with each data packet.

Thus, regardless of the complexity of the key, any transmission can be uncovered simply by having a sufficient number of intercepted packets (several tens of thousands, which is quite small for an actively used network).

Type 3 - WPA and WPA2 (Wi-Fi Protected Access)

These are among the most modern types of Wi-Fi encryption at the moment, and so far almost no new ones have been invented.

This generation of encryption types replaced the long-suffering WEP. The password length is arbitrary, from 8 to 63 bytes, which greatly complicates guessing it (compare with 3, 6 and 15 bytes in WEP).

The standard supports various encryption algorithms for transmitted data after a handshake: TKIP and CCMP.

The first is something like a bridge between WEP and WPA, invented while the IEEE was busy creating the complete CCMP algorithm. TKIP, just like WEP, suffers from some types of attacks, and is generally not very secure.

Now it is rarely used (although why it is still used at all, I do not understand), and in general using WPA with TKIP is almost the same as using plain WEP.

In addition to various encryption algorithms, WPA(2) supports two different modes of initial authentication (password checking for client access to the network): PSK and Enterprise. PSK (sometimes called WPA Personal) is login with a single password that the client enters when connecting.

It is simple and convenient, but in the case of large companies it can be a problem: for example, when an employee has left, you have to change the password for the entire network and notify the other employees about it so that he can no longer gain access to the network. Enterprise removes this problem by having many keys stored on a separate server, RADIUS.

Moreover, Enterprise standardizes the authentication process itself in the EAP protocol (Extensible Authentication Protocol), which allows you to write your own algorithm.
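
Which of these ciphers (TKIP, CCMP) and authentication modes (PSK, Enterprise) an access point really offers is advertised in the RSN information element of its beacons. The Python parser below is an added example, not code from the original article: it decodes that element and reports the weak settings discussed above, along with whether 802.11w management frame protection is offered. The two sample elements are constructed byte strings, the function names are illustrative, and only the WPA2 RSN element (ID 48) is handled, not the older vendor-specific WPA element.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")          # OUI used by 802.11 suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X (Enterprise)", 2: "PSK (Personal)"}
WEAK_CIPHERS = {"WEP-40", "WEP-104", "TKIP"}

# Constructed samples: element ID, length, then the RSN fields.
STRONG_IE = bytes.fromhex(   # CCMP only, PSK, PMF capable
    "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 80 00")
MIXED_IE = bytes.fromhex(    # TKIP group key, CCMP+TKIP pairwise, PSK, no PMF
    "30 18 01 00 00 0f ac 02 02 00 00 0f ac 04 00 0f ac 02"
    " 01 00 00 0f ac 02 00 00")


def _suite(raw, names):
    """Decode one 4-byte suite selector: 3-byte OUI plus 1-byte type."""
    if raw[:3] != RSN_OUI:
        return "vendor-specific " + raw.hex()
    return names.get(raw[3], "unknown type %d" % raw[3])


def _suite_list(body, off, names):
    """Read a little-endian 16-bit count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    end = off + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [_suite(body[i:i + 4], names) for i in range(off, end, 4)], end


def parse_rsn_ie(ie):
    """Parse a raw RSN element (including its 2-byte header) into a dict."""
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element (ID 48)")
    body = ie[2:2 + ie[1]]
    # Assumption: the group cipher field is present, as it is in practice.
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6], CIPHERS)
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akms, off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {
        "version": version,
        "group": group,
        "pairwise": pairwise,
        "akm": akms,
        "pmf_required": bool(caps & 0x0040),   # RSN capabilities bit 6
        "pmf_capable": bool(caps & 0x0080),    # RSN capabilities bit 7
    }


def findings(info):
    """List the settings a defender would want changed on this network."""
    out = []
    for cipher in sorted(set([info["group"]] + info["pairwise"]) & WEAK_CIPHERS):
        out.append("weak cipher offered: " + cipher)
    if not info["pmf_capable"]:
        out.append("802.11w management frame protection not offered")
    return out


if __name__ == "__main__":
    for name, ie in (("strong", STRONG_IE), ("mixed", MIXED_IE)):
        info = parse_rsn_ie(ie)
        print(name, info["pairwise"], info["akm"], findings(info))
```

A mixed-mode network still shows up with a TKIP group cipher, so a client that negotiates CCMP for its own traffic receives broadcast traffic under the weaker cipher.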

Type 4 - WPS / QSS

WPS, also known as QSS, is an interesting technology that allows us not to think about the password at all, but simply press a button and immediately connect to the network. In fact, this is a "legal" method of bypassing password protection in general, but it is surprising that it became widespread with a very serious miscalculation in the access system itself, and this years after the sad experience with WEP.

WPS allows the client to connect to the access point using an 8-character code consisting of digits (PIN). However, due to an error in the standard, only 4 of them need to be guessed. Thus, just 10000 attempts are enough, and regardless of the complexity of the password for accessing the wireless network, you automatically get this access, and with it the password itself as it is.

Given that this interaction occurs prior to any security checks, it is possible to send 10-50 login requests via WPS, and in 3-15 hours (sometimes more, sometimes less) you will receive the keys to paradise.

When this vulnerability was disclosed, manufacturers began to implement a limit on the number of login attempts (rate limit), after exceeding which the access point automatically turns off WPS. However, until now such devices are not more than half of those already released without this protection.

Moreover, a temporary shutdown does not fundamentally change anything, since with one login attempt per minute we need only 10000/60/24 = 6.94 days. And the PIN is usually found before the entire cycle has been completed.

I want to once again draw your attention to the fact that when WPS is enabled, your password will inevitably be revealed, regardless of its complexity. So if you need WPS at all, turn it on only when connecting to the network, and keep it off the rest of the time.

Afterword

Conclusions, in fact, you can make yourself, but in general, it goes without saying that you should use at least WPA, and better WPA2.

In the next article on Wi-Fi we will talk about how different types of encryption affect the performance of a channel and a router, as well as consider some other nuances.

As always, if you have any questions, additions and all that stuff, then welcome to the comments on the topic about Wifi encryption.

PS: For the existence of this material, thanks to the author on Habr under the nickname ProgerXP. In fact, the entire text is taken from his material, so as not to reinvent the wheel in my own words.

The question often arises: what type of Wi-Fi encryption to choose for a home router. It would seem a trifle, but with incorrect parameters, problems can arise with the network, and even with the transfer of information over an Ethernet cable.

Therefore, here we will consider what types of data encryption are supported by modern WiFi routers, and how the aes encryption type differs from the popular wpa and wpa2.

Wireless encryption type: how to choose a security method?

So, there are 3 types of encryption in total:

  1. WEP encryption

The WEP encryption type appeared back in the distant 90s and was the first option for protecting Wi-Fi networks: it was positioned as an analogue of encryption in wired networks and used the RC4 cipher. There were three common encryption algorithms for transmitted data - Neesus, Apple and MD5 - but none of them provided the required level of security. In 2004, the IEEE declared the standard obsolete because it had finally ceased to provide a secure connection to the network. At the moment, this type of encryption for Wi-Fi is not recommended, because it is not cryptographically strong.

  2. WPS is a non-use standard. To connect to the router, you just need to click on the corresponding button, which we talked about in detail in the article.

In theory, WPS allows you to connect to an access point using an eight-digit code, but in practice, often only four are enough.

This fact is readily used by numerous hackers, who hack Wi-Fi networks quickly enough (in 3 - 15 hours), so using this connection method is also not recommended.

  3. Encryption type WPA / WPA2

Things are much better with WPA encryption. Instead of the vulnerable RC4 cipher, AES encryption is used here, where the password length is an arbitrary value (8 - 63 bits). This type of encryption provides a normal level of security and is quite suitable for simple wifi routers. Moreover, there are two types of it:

- PSK type (Pre-Shared Key): connection to the access point is carried out using a predefined password.
- Enterprise: a password for each node is generated automatically with verification on RADIUS servers.

The WPA2 encryption type is a continuation of WPA with security enhancements. This protocol uses RSN, which is based on AES encryption.

Like WPA encryption, WPA2 has two modes of operation: PSK and Enterprise.

Since 2006, the WPA2 encryption type has been supported by all Wi-Fi equipment, and the corresponding option can be selected on any router.

Advantages of WPA2 encryption over WPA:

- Encryption keys are generated during the connection to the router (instead of static ones);
- Using the Michael algorithm to control the integrity of transmitted messages;
- Using an initialization vector of a substantially longer length.

In addition, the type of Wi-Fi encryption should be chosen depending on where your router is used:

WEP, TKIP and CKIP encryption shouldn't be used at all;

For a home access point, WPA / WPA2 PSK is fine;

For it is worth choosing WPA / WPA2 Enterprise.
