Changes

IT Infrastructure Security

2,622 bytes added, 21:19, 22 February 2008
Wireless
== Wireless ==
 
Starting with wide spread deployment in home networks Wireless Access Points and corresponding wireless network adapters have now begum to appear within business enterprises. This progress has accelerated considerably since the introduction of the N variant of the 802.11 Wi-Fi standard.
 
Wireless networking introduce a unique set of security threats that must be taken into consideration. First and foremost, the data transmitted over a wireless network is not confined to the cables concealed under floor boards, within wall cavities and false ceilings. Instead the data is quite literally traveling through the air waves. This means that anyone within range of the signal transmissions has the potential to intercept the data. In fact, placing a wireless device behind a firewall essentially renders the firewall impotent. The firewall will only block unwanted intrusion coming into the firewall the physical connection to the internet. Compromising the wireless network from outside the building effectively bypasses the firewall.
 
A number of techniques are available to provide at least some level of security to wireless networks. One standard is ''Wired Equivalent Privacy'' (WEP) which was initially intended to provide a level of security for wireless networks which was at least as secure as a wired network. WEP relies on encryption to prevent the easy interception of wireless data by eavesdroppers. Encryption RC4 based using shared 40-bit or 128-bit encryption keys. Unfortunately both levels of encryption have been proven to be breakable. That said, WEP is better than no protection at all, and if it is your only option be sure to choose the highest level of encryption.
 
An improved wireless encryption and authentication standard is called ''Wi-Fi Protected Access'' (WPA and WPA2). WPA data is encrypted using the RC4 stream cipher, (both 128-bit key and 48-bit) together with keys which dynamically change as the system is operational. WPA is considered to be considerably more secure than the WEP standard.
 
Most wireless access points also provide MAC address filtering, accepting only data from devics with a MAC address which matches a pre-defined list of trusted devices. Once again the ability to fake the IP address of many systems increases the chances that a rogue system can be made to masquerade as a trusted system.
 
Just like routers and switches, wireless access points provide support for remote administration. String password selection enforcement and secure communications must always be used when accessing the access point administration interfaces.
 
== DSL and Cable Modems ==