Wireless Network Security - Revision history

Zychk: /* External Links */ added final signature

2008-04-14T02:22:49Z

External Links: added final signature

← Older revision		Revision as of 02:22, 14 April 2008
Line 115:		Line 115:


-	--[[User:Zychk\|Zychk]] 00:00, 9 April 2008 (EDT)	+	--[[User:Zychk\|Zychk]] 22:22, 13 April 2008 (EDT)

Zychk: /* See Also */ added more links

2008-04-14T02:20:54Z

Zychk: added quote to picture

2008-04-09T04:19:41Z

added quote to picture

← Older revision		Revision as of 04:19, 9 April 2008
Line 1:		Line 1:
-	[[Image:wifi.jpg\|thumb\|right\|250px\|Wi-Fi Security - ~~ PUT QUOTE IN HERE? ~~]]	+	[[Image:wifi.jpg\|thumb\|right\|250px\|Wi-Fi Security - ''...threats have become an eminent problem...''<sup>8</sup>]]

	'''Wireless network security''' threats have become an eminent problem as the use of the Internet continues to grow<sup>8</sup>. Network issues and the security measures for small wireless networks are extremely important to protect against the threats posed by attackers, viruses, and fraud.		'''Wireless network security''' threats have become an eminent problem as the use of the Internet continues to grow<sup>8</sup>. Network issues and the security measures for small wireless networks are extremely important to protect against the threats posed by attackers, viruses, and fraud.

Zychk: adding /* External Links */

2008-04-09T04:00:06Z

adding - External Links

← Older revision		Revision as of 04:00, 9 April 2008
Line 102:		Line 102:
	== External Links ==		== External Links ==

-	--[[User:Zychk\|Zychk]] 22:20, 7 April 2008 (EDT)	+	[http://netsecurity.about.com/od/hackertools/a/aa072004b.htm "Introduction to Wireless Network Security"]
		+
		+	[http://www.pcstats.com/articleview.cfm?articleID=1489 "Beginners Guides: Securing A Wireless Network"]
		+
		+	[http://www.windowsecurity.com/articles/Wireless-Network-Security-Home.html "Wireless Network Security For The Home"]
		+
		+
		+
		+	--[[User:Zychk\|Zychk]] 00:00, 9 April 2008 (EDT)

Zychk: fixed references throughout document

2008-04-09T03:40:22Z

fixed references throughout document

Zychk: fixed references /* Five Steps for Securing a Wireless Network */

2008-04-09T03:35:29Z

fixed references - Five Steps for Securing a Wireless Network

← Older revision		Revision as of 03:35, 9 April 2008
Line 63:		Line 63:

	== Five Steps for Securing a Wireless Network ==		== Five Steps for Securing a Wireless Network ==
-	Securing a wireless network can be achieved through a variety of methods. Some of these methods include complex programs and require expensive IT support ~~[Potter 2004]~~. There are, however, a number of common, easy-to-implement techniques that can be implemented in order to achieve an acceptable level of security within a wireless network. Most of the protection methods previously mentioned are open to attack when used on an individual basis. The following five simple techniques can help secure a wireless network and prevent unwanted access to a wireless network:	+	Securing a wireless network can be achieved through a variety of methods. Some of these methods include complex programs and require expensive IT support<sup>7</sup>. There are, however, a number of common, easy-to-implement techniques that can be implemented in order to achieve an acceptable level of security within a wireless network. Most of the protection methods previously mentioned are open to attack when used on an individual basis. The following five simple techniques can help secure a wireless network and prevent unwanted access to a wireless network<sup>5</sup>:

	:* Change the router’s default administrator password		:* Change the router’s default administrator password

Zychk: /* References */

2008-04-09T03:33:21Z

References

← Older revision		Revision as of 03:33, 9 April 2008
Line 86:		Line 86:
	[4] Ilyas, Mohammad, and Syed Ahson. Handbook of Wireless Local Area Networks. Boca Raton: CRC Press, 2005.		[4] Ilyas, Mohammad, and Syed Ahson. Handbook of Wireless Local Area Networks. Boca Raton: CRC Press, 2005.

-	[5] ~~Phifer~~, ~~Lisa~~. [http://www.~~wi-fiplanet~~.com/~~tutorials~~/~~article~~.~~php/10724_3716241_1~~ "~~The Caffe Latte Attack: How It Works and How~~ to ~~Block It~~"]. ~~December 12~~, ~~2007~~. (accessed March 26, 2008).	+	[5] Malik, Bobby. [http://www.connectedhomemag.com/HomeControls/Articles/Index.cfm?ArticleID=49176 "5 Steps to Home Wireless Security"]. January 25, 2006. (accessed March 30, 2008).

-	[6] ~~Potter~~, ~~Bruce~~. ~~"Fixing wireless security~~." ~~Network Security, 2004~~: ~~4-5~~.	+	[6] Phifer, Lisa. [http://www.wi-fiplanet.com/tutorials/article.php/10724_3716241_1 "The Caffe Latte Attack: How It Works and How to Block It"]. December 12, 2007. (accessed March 26, 2008).

-	[7] ~~Rogoski~~, ~~Richard~~. "~~Security Can Deter Wireless Hackers~~." ~~Triangle Business Journal~~, ~~2002~~: 2.	+	[7] Potter, Bruce. "Fixing wireless security." Network Security, 2004: 4-5.

-	[8] ~~Sankar~~, ~~Krishna, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky~~. "~~EAP Authentication Protocols for WLANs~~." ~~Cisco Press~~, ~~2004~~: ~~1-10~~.	+	[8] Rogoski, Richard. "Security Can Deter Wireless Hackers." Triangle Business Journal, 2002: 2.

-	[9] ~~Snyder~~, ~~Joel~~. "~~What is 802~~.~~1x?~~" ~~Network World~~, ~~2002~~: 1-2.	+	[9] Sankar, Krishna, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky. "EAP Authentication Protocols for WLANs." Cisco Press, 2004: 1-10.

-	[10] Wi-Fi Alliance. [http://www.wi-fi.org/knowledge_center/simple-soho-network "Simple Wireless Network for Home and Small Office"]. March 29, 2008. (accessed March 29, 2008).	+	[10] Snyder, Joel. "What is 802.1x?" Network World, 2002: 1-2.
		+
		+	[11] Wi-Fi Alliance. [http://www.wi-fi.org/knowledge_center/simple-soho-network "Simple Wireless Network for Home and Small Office"]. March 29, 2008. (accessed March 29, 2008).

	== External Links ==		== External Links ==

	--[[User:Zychk\|Zychk]] 22:20, 7 April 2008 (EDT)		--[[User:Zychk\|Zychk]] 22:20, 7 April 2008 (EDT)

Zychk: /* Wireless Network Protection Methods */

2008-04-09T03:26:24Z

Wireless Network Protection Methods

← Older revision		Revision as of 03:26, 9 April 2008
Line 33:		Line 33:

	== Wireless Network Protection Methods ==		== Wireless Network Protection Methods ==
-	Wireless network protection is an extremely important issue to consider in any wireless network. The follow are some ~~of the more~~ common protection techniques.	+	Wireless network protection is an extremely important issue to consider in any wireless network. The follow are some common protection techniques.

	=== MAC ID filtering ===		=== MAC ID filtering ===

Zychk: fully edited

2008-04-08T23:34:49Z

fully edited

← Older revision		Revision as of 23:34, 8 April 2008
Line 33:		Line 33:

	== Wireless Network Protection Methods ==		== Wireless Network Protection Methods ==
-	Wireless network protection is an extremely important issue to consider in any wireless network. ~~There~~ are ~~many technologies available to protect wireless networks; however, no single technique provides definite security. Some~~ of the more common protection ~~methods will now be discussed in detail~~.	+	Wireless network protection is an extremely important issue to consider in any wireless network. The follow are some of the more common protection techniques.

	=== MAC ID filtering ===		=== MAC ID filtering ===
-	Many wireless routers provide the ability to enable some sort of MAC address filtering. This technique permits only specified MAC addresses with a connection to the network. As a security method, this is a helpful technique in that it allows network administrators to control which devices can use the network. Using this technique alone however, will not provide complete security since MAC addresses can be spoofed~~, as seen in Section 2.5~~.	+	Many wireless routers provide the ability to enable some sort of MAC address filtering. This technique permits only specified MAC addresses with a connection to the network. As a security method, this is a helpful technique in that it allows network administrators to control which devices can use the network. Using this technique alone however, will not provide complete security since MAC addresses can be spoofed.

	=== Static IP Addressing ===		=== Static IP Addressing ===
Line 51:		Line 51:

	=== LEAP ===		=== LEAP ===
-	Lightweight Extensible Authentication Protocol (LEAP) is based on the 802.1X standard and helps minimize the original security flaws of 802.1X by using WEP and a sophisticated key management system [Sankar 2004]. LEAP allows devices to re-authenticate frequently; each time acquiring a new WEP key [Sankar 2004]. The idea here is that the WEP keys will not live long enough to be hacked by an attacker.	+	Lightweight Extensible Authentication Protocol (LEAP) is based on the 802.1X standard and helps minimize the original security flaws of 802.1X by using WEP and a sophisticated key management system [Sankar 2004]. LEAP allows devices to re-authenticate frequently; each time acquiring a new WEP key [Sankar 2004]. The idea here is that the WEP keys will not live long enough to be hacked by an attacker.

	=== PEAP ===		=== PEAP ===
-	Protected Extensible Authentication Protocol (PEAP) is another type of network security layer. This protocol allows for a secure transport of data, passwords, and encryption keys with the need of a certificate server [Sankar 2004]. PEAP authenticates clients into a network using server-side public key certificates and provides very good security [Sankar 2004]~~. It was developed by Cisco, Microsoft, and RSA Security~~.	+	Protected Extensible Authentication Protocol (PEAP) is another type of network security layer. This protocol allows for a secure transport of data, passwords, and encryption keys with the need of a certificate server [Sankar 2004]. PEAP authenticates clients into a network using server-side public key certificates and provides very good security [Sankar 2004].

	=== RADIUS ===		=== RADIUS ===
Line 63:		Line 63:

	== Five Steps for Securing a Wireless Network ==		== Five Steps for Securing a Wireless Network ==
-	~~As seen in the previous section, securing~~ a wireless network can be achieved through a variety of methods. Some of these methods include complex programs and require expensive IT support [Potter 2004]. There are, however, a number of common, easy-to-implement techniques that can be implemented in order to achieve an acceptable level of security within a wireless network. Most of the protection methods ~~that were introduced in Section 3~~ are open to attack when used on an individual basis. The following five simple techniques can help secure a wireless network and prevent unwanted access to a wireless network:	+	Securing a wireless network can be achieved through a variety of methods. Some of these methods include complex programs and require expensive IT support [Potter 2004]. There are, however, a number of common, easy-to-implement techniques that can be implemented in order to achieve an acceptable level of security within a wireless network. Most of the protection methods previously mentioned are open to attack when used on an individual basis. The following five simple techniques can help secure a wireless network and prevent unwanted access to a wireless network:

	:* Change the router’s default administrator password		:* Change the router’s default administrator password

Zychk: edited up to and including Cafe Latte Attack

2008-04-08T22:55:15Z

edited up to and including Cafe Latte Attack

← Older revision		Revision as of 22:55, 8 April 2008
Line 18:		Line 18:

	=== Non-traditional Networks ===		=== Non-traditional Networks ===
-	Non-traditional networks dealing with devices other than computers, such as handheld PDAs, or wireless printers and copiers, present security of their own. These devices pose a threat to the wireless network since the security of them can be easily overlooked by IT personnel who have narrowly focussed on laptops and access points [Curran 2008].	+	Non-traditional networks dealing with devices other than computers, such as handheld PDAs, or wireless printers and copiers, present security issues of their own. These devices pose a threat to the wireless network since the security of them can be easily overlooked by IT personnel who have narrowly focussed on laptops and access points [Curran 2008].

	=== MAC Spoofing ===		=== MAC Spoofing ===
-	MAC spoofing occurs when an attacker is able to listen in on network traffic and identify the MAC address of a computer with network privileges [Curran 2008]. Stealing the MAC address of a computer can be very helpful to an attacker. Every network interface card (NIC), which provides a connection to a router and thus to the Internet, contains a unique MAC address. In some cases, MAC address filtering~~, as described in Section 3.1,~~ will be enabled within a network. When this is the case, only certain addresses will be allowed on the network. A number of programs exist that have network sniffing capabilities allowing an attacker to determine and steal a MAC address [Curran 2008]. Stealing an address and using it (MAC spoofing), allows attackers to break into some secure networks, gaining access to potentially valuable information.	+	MAC spoofing occurs when an attacker is able to listen in on network traffic and identify the MAC address of a computer with network privileges [Curran 2008]. Stealing the MAC address of a computer can be very helpful to an attacker. Every network interface card (NIC), which provides a connection to a router and thus to the Internet, contains a unique MAC address. In some cases, MAC address filtering will be enabled within a network. When this is the case, only certain addresses will be allowed on the network. A number of programs exist that have network sniffing capabilities allowing an attacker to determine and steal a MAC address [Curran 2008]. Stealing an address and using it (MAC spoofing), allows attackers to break into some secure networks, gaining access to potentially valuable information.

	=== Man-in-the-middle Attacks ===		=== Man-in-the-middle Attacks ===
-	A man-in-the-middle attack is very similar to malicious association ~~as mentioned in Section 2.2~~. An attacker entices devices to log into a computer which is set up as a soft AP [Ilyas 2005]. Once this is done, the attacker connects to a real access point through another NIC offering a steady flow of traffic through the hacking computer to the Internet. This presents a major security issue because the user may be transferring private information while the attacker is sniffing the data [Ilyas 2005].	+	A man-in-the-middle attack is very similar to malicious association. An attacker entices devices to log into a computer which is set up as a soft AP [Ilyas 2005]. Once this is done, the attacker connects to a real access point through another NIC offering a steady flow of traffic through the hacking computer to the Internet. This presents a major security issue because the user may be transferring private information while the attacker is sniffing the data [Ilyas 2005].

	=== Denial of Service ===		=== Denial of Service ===
-	Denial of service attacks are active attacks that are meant to cause disruption of network services. Typical attacks occur when an attacker floods the network by saturating the wireless frequency bands with noise [Cali 2000]. An attack of this nature will usually slow down network traffic, and in some cases, cause the network to crash. Therefore, legitimate network users may be unable to connect to and use the network~~. This type of attack may not be preventable unless the default Service Set Identifier (SSID) is changed or SSID broadcast is disabled (as described in Section 4)~~.	+	Denial of service attacks are active attacks that are meant to cause disruption of network services. Typical attacks occur when an attacker floods the network by saturating the wireless frequency bands with noise [Cali 2000]. An attack of this nature will usually slow down network traffic, and in some cases, cause the network to crash. Therefore, legitimate network users may be unable to connect to and use the network.

-	=== ~~Café~~ Latte Attack ===	+	=== Cafe Latte Attack ===
	The café latte attack proves that an attacker can retrieve a Wired Equivalency Privacy (WEP) encryption key without having to be in range of the wireless network. In the past, an attacker was required to be in range of a wireless network in order to sniff the traffic to obtain the encryption key [Phifer 2007]. With the café latte attack, it is possible to achieve this using a technique called ''AP-less WEP Cracking'' [Phifer 2007]. The attacker uses various behavioural characteristics of the Windows Wireless stack along with known flaws in WEP to obtain the encryption key [Phifer 2007].		The café latte attack proves that an attacker can retrieve a Wired Equivalency Privacy (WEP) encryption key without having to be in range of the wireless network. In the past, an attacker was required to be in range of a wireless network in order to sniff the traffic to obtain the encryption key [Phifer 2007]. With the café latte attack, it is possible to achieve this using a technique called ''AP-less WEP Cracking'' [Phifer 2007]. The attacker uses various behavioural characteristics of the Windows Wireless stack along with known flaws in WEP to obtain the encryption key [Phifer 2007].

← Older revision		Revision as of 02:20, 14 April 2008
Line 72:		Line 72:

	== See Also ==		== See Also ==
		+	[[Designing_a_Small_Business_Intranet\|Designing a Small Business Intranet]]<BR>
	[[Information_security_awareness\|Information Security Awareness]]<BR>		[[Information_security_awareness\|Information Security Awareness]]<BR>
	[[Peer_To_Peer_Network_Security\|Peer To Peer Network Security]]<BR>		[[Peer_To_Peer_Network_Security\|Peer To Peer Network Security]]<BR>
-	[[Systems_for_Detecting_Network_Intrusion\|Systems for Detecting Network Intrusion]]	+	[[Piggybacking\|Piggybacking]]<BR>
		+	[[Public_Key_Encryption_Algorithms\|Public Key Encryption Algorithms]]<BR>
		+	[[Secure_File_Transfer_Protocols\|Secure File Transfer Protocols]]<BR>
		+	[[Systems_for_Detecting_Network_Intrusion\|Systems for Detecting Network Intrusion]]<BR>
		+	[[WiMAX\|WiMAX]]

	== References ==		== References ==

← Older revision		Revision as of 03:40, 9 April 2008
Line 1:		Line 1:
	[[Image:wifi.jpg\|thumb\|right\|250px\|Wi-Fi Security - PUT QUOTE IN HERE? ]]		[[Image:wifi.jpg\|thumb\|right\|250px\|Wi-Fi Security - PUT QUOTE IN HERE? ]]

-	'''Wireless network security''' threats have become an eminent problem as the use of the Internet continues to grow ~~[Rogoski]~~. Network issues and the security measures for small wireless networks are extremely important to protect against the threats posed by attackers, viruses, and fraud.	+	'''Wireless network security''' threats have become an eminent problem as the use of the Internet continues to grow<sup>8</sup>. Network issues and the security measures for small wireless networks are extremely important to protect against the threats posed by attackers, viruses, and fraud.

-	Wireless networks are great because they allow users to connect anywhere within range. However, this benefit is also what makes them vulnerable to attackers who do not need to be physically connected to the network to gain access. Since attackers can gain access to wireless networks, they can use a technique called packet sniffing, which can grant access to everything that is sent and received over the network ~~[Rogoski]~~.	+	Wireless networks are great because they allow users to connect anywhere within range. However, this benefit is also what makes them vulnerable to attackers who do not need to be physically connected to the network to gain access. Since attackers can gain access to wireless networks, they can use a technique called packet sniffing, which can grant access to everything that is sent and received over the network<sup>8</sup>.

	== Common Network Security Threats ==		== Common Network Security Threats ==
Line 12:		Line 12:

	=== Malicious Association ===		=== Malicious Association ===
-	A malicious association occurs when a wireless device is induced to connect with a malicious laptop ~~[Curran 2008]~~. These types of laptops are known as soft APs and are created when an attacker runs some software that makes their wireless network card look like a legitimate access point ~~[Curran 2008]~~. Once access has been acquired, the attacker can steal passwords, launch attacks, or plant viruses within the network which can cause severe downtown or data theft.	+	A malicious association occurs when a wireless device is induced to connect with a malicious laptop<sup>2</sup>. These types of laptops are known as soft APs and are created when an attacker runs some software that makes their wireless network card look like a legitimate access point<sup>2</sup>. Once access has been acquired, the attacker can steal passwords, launch attacks, or plant viruses within the network which can cause severe downtown or data theft.

	=== Ad-hoc Networks ===		=== Ad-hoc Networks ===
-	Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point between them, meaning there is actually no Internet connection. Attackers usually set up these networks and make them appear like actual Internet connections with a name such as ''Free Wi-Fi''. When users connect to the ad-hoc network, they are exposing their computers to attack from a waiting attacker ~~[Ilyas 2005]~~.	+	Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point between them, meaning there is actually no Internet connection. Attackers usually set up these networks and make them appear like actual Internet connections with a name such as ''Free Wi-Fi''. When users connect to the ad-hoc network, they are exposing their computers to attack from a waiting attacker<sup>4</sup>.

	=== Non-traditional Networks ===		=== Non-traditional Networks ===
-	Non-traditional networks dealing with devices other than computers, such as handheld PDAs, or wireless printers and copiers, present security issues of their own. These devices pose a threat to the wireless network since the security of them can be easily overlooked by IT personnel who have narrowly focussed on laptops and access points ~~[Curran 2008]~~.	+	Non-traditional networks dealing with devices other than computers, such as handheld PDAs, or wireless printers and copiers, present security issues of their own. These devices pose a threat to the wireless network since the security of them can be easily overlooked by IT personnel who have narrowly focussed on laptops and access points<sup>2</sup>.

	=== MAC Spoofing ===		=== MAC Spoofing ===
-	MAC spoofing occurs when an attacker is able to listen in on network traffic and identify the MAC address of a computer with network privileges ~~[Curran 2008]~~. Stealing the MAC address of a computer can be very helpful to an attacker. Every network interface card (NIC), which provides a connection to a router and thus to the Internet, contains a unique MAC address. In some cases, MAC address filtering will be enabled within a network. When this is the case, only certain addresses will be allowed on the network. A number of programs exist that have network sniffing capabilities allowing an attacker to determine and steal a MAC address ~~[Curran 2008]~~. Stealing an address and using it (MAC spoofing), allows attackers to break into some secure networks, gaining access to potentially valuable information.	+	MAC spoofing occurs when an attacker is able to listen in on network traffic and identify the MAC address of a computer with network privileges<sup>2</sup>. Stealing the MAC address of a computer can be very helpful to an attacker. Every network interface card (NIC), which provides a connection to a router and thus to the Internet, contains a unique MAC address. In some cases, MAC address filtering will be enabled within a network. When this is the case, only certain addresses will be allowed on the network. A number of programs exist that have network sniffing capabilities allowing an attacker to determine and steal a MAC address<sup>2</sup>. Stealing an address and using it (MAC spoofing), allows attackers to break into some secure networks, gaining access to potentially valuable information.

	=== Man-in-the-middle Attacks ===		=== Man-in-the-middle Attacks ===
-	A man-in-the-middle attack is very similar to malicious association. An attacker entices devices to log into a computer which is set up as a soft AP ~~[Ilyas 2005]~~. Once this is done, the attacker connects to a real access point through another NIC offering a steady flow of traffic through the hacking computer to the Internet. This presents a major security issue because the user may be transferring private information while the attacker is sniffing the data ~~[Ilyas 2005]~~.	+	A man-in-the-middle attack is very similar to malicious association. An attacker entices devices to log into a computer which is set up as a soft AP<sup>4</sup>. Once this is done, the attacker connects to a real access point through another NIC offering a steady flow of traffic through the hacking computer to the Internet. This presents a major security issue because the user may be transferring private information while the attacker is sniffing the data<sup>4</sup>.

	=== Denial of Service ===		=== Denial of Service ===
-	Denial of service attacks are active attacks that are meant to cause disruption of network services. Typical attacks occur when an attacker floods the network by saturating the wireless frequency bands with noise ~~[Cali 2000]~~. An attack of this nature will usually slow down network traffic, and in some cases, cause the network to crash. Therefore, legitimate network users may be unable to connect to and use the network.	+	Denial of service attacks are active attacks that are meant to cause disruption of network services. Typical attacks occur when an attacker floods the network by saturating the wireless frequency bands with noise<sup>1</sup>. An attack of this nature will usually slow down network traffic, and in some cases, cause the network to crash. Therefore, legitimate network users may be unable to connect to and use the network.

	=== Cafe Latte Attack ===		=== Cafe Latte Attack ===
-	The café latte attack proves that an attacker can retrieve a Wired Equivalency Privacy (WEP) encryption key without having to be in range of the wireless network. In the past, an attacker was required to be in range of a wireless network in order to sniff the traffic to obtain the encryption key ~~[Phifer 2007]~~. With the café latte attack, it is possible to achieve this using a technique called ''AP-less WEP Cracking'' ~~[Phifer 2007]~~. The attacker uses various behavioural characteristics of the Windows Wireless stack along with known flaws in WEP to obtain the encryption key ~~[Phifer 2007]~~.	+	The café latte attack proves that an attacker can retrieve a Wired Equivalency Privacy (WEP) encryption key without having to be in range of the wireless network. In the past, an attacker was required to be in range of a wireless network in order to sniff the traffic to obtain the encryption key<sup>6</sup>. With the café latte attack, it is possible to achieve this using a technique called ''AP-less WEP Cracking''<sup>6</sup>. The attacker uses various behavioural characteristics of the Windows Wireless stack along with known flaws in WEP to obtain the encryption key<sup>6</sup>.

	== Wireless Network Protection Methods ==		== Wireless Network Protection Methods ==
Line 39:		Line 39:

	=== Static IP Addressing ===		=== Static IP Addressing ===
-	One of the features of using Dynamic Host Configuration Protocol (DHCP) in network configuration is that it allows devices to be added to a network with minimal or no manual configuration ~~[Curran 2008]~~. If this is activated, each device is automatically assigned an IP address, usually in the form 192.168.1.n where n is an integer starting from one. With static IP addressing, each address is set by hand and can be chosen from the available addresses on the network router. This technique makes it more difficult for a casual or unsophisticated intruder to log onto the network ~~[Curran 2008]~~.	+	One of the features of using Dynamic Host Configuration Protocol (DHCP) in network configuration is that it allows devices to be added to a network with minimal or no manual configuration<sup>2</sup>. If this is activated, each device is automatically assigned an IP address, usually in the form 192.168.1.n where n is an integer starting from one. With static IP addressing, each address is set by hand and can be chosen from the available addresses on the network router. This technique makes it more difficult for a casual or unsophisticated intruder to log onto the network<sup>2</sup>.

	=== WEP ===		=== WEP ===
-	Wired Equivalency Privacy (WEP) was the original encryption standard for wireless and was intended to make wireless networks as secure as wired networks ~~[Potter 2004]~~. This is not the case however, as many flaws were quickly discovered and exploited ~~[Potter 2004]~~. Nonetheless, this encryption still provides some form of network security and if used, should be combined with other forms of protection. Adding an encryption layer is a very important step to securing a wireless network.	+	Wired Equivalency Privacy (WEP) was the original encryption standard for wireless and was intended to make wireless networks as secure as wired networks<sup>7</sup>. This is not the case however, as many flaws were quickly discovered and exploited<sup>7</sup>. Nonetheless, this encryption still provides some form of network security and if used, should be combined with other forms of protection. Adding an encryption layer is a very important step to securing a wireless network.

	=== WPA/WPA2 ===		=== WPA/WPA2 ===
-	Wi-Fi Protected Access (WPA) is an early security standard that was developed by the Wi-Fi Alliance to replace WEP ~~[Wi-Fi Alliance 2008]~~. It is simply another method of encryption for wireless connections that was developed to provide improvements to WEP through firmware updates and thus did not require new network hardware to be deployed ~~[Wi-Fi Alliance 2008]~~. WPA2 is designated as the final 802.11i standard from the Wi-Fi Alliance with its inclusion of the AES-CCMP encryption algorithm ~~[Wi-Fi Alliance 2008]~~.	+	Wi-Fi Protected Access (WPA) is an early security standard that was developed by the Wi-Fi Alliance to replace WEP<sup>11</sup>. It is simply another method of encryption for wireless connections that was developed to provide improvements to WEP through firmware updates and thus did not require new network hardware to be deployed<sup>11</sup>. WPA2 is designated as the final 802.11i standard from the Wi-Fi Alliance with its inclusion of the AES-CCMP encryption algorithm<sup>11</sup>.

	=== 802.1X ===		=== 802.1X ===
-	802.1X is an IEEE standard for port-based network access control and provides authentication to devices attached to a local area network port. It acts as a control layer for networks which will permit or prohibit specific network traffic during certain situations ~~[Snyder 2002]~~.	+	802.1X is an IEEE standard for port-based network access control and provides authentication to devices attached to a local area network port. It acts as a control layer for networks which will permit or prohibit specific network traffic during certain situations<sup>10</sup>.

	=== LEAP ===		=== LEAP ===
-	Lightweight Extensible Authentication Protocol (LEAP) is based on the 802.1X standard and helps minimize the original security flaws of 802.1X by using WEP and a sophisticated key management system ~~[Sankar 2004]~~. LEAP allows devices to re-authenticate frequently; each time acquiring a new WEP key ~~[Sankar 2004]~~. The idea here is that the WEP keys will not live long enough to be hacked by an attacker.	+	Lightweight Extensible Authentication Protocol (LEAP) is based on the 802.1X standard and helps minimize the original security flaws of 802.1X by using WEP and a sophisticated key management system<sup>9</sup>. LEAP allows devices to re-authenticate frequently; each time acquiring a new WEP key<sup>9</sup>. The idea here is that the WEP keys will not live long enough to be hacked by an attacker.

	=== PEAP ===		=== PEAP ===
-	Protected Extensible Authentication Protocol (PEAP) is another type of network security layer. This protocol allows for a secure transport of data, passwords, and encryption keys with the need of a certificate server ~~[Sankar 2004]~~. PEAP authenticates clients into a network using server-side public key certificates and provides very good security ~~[Sankar 2004]~~.	+	Protected Extensible Authentication Protocol (PEAP) is another type of network security layer. This protocol allows for a secure transport of data, passwords, and encryption keys with the need of a certificate server<sup>9</sup>. PEAP authenticates clients into a network using server-side public key certificates and provides very good security<sup>9</sup>.

	=== RADIUS ===		=== RADIUS ===
-	Remote Authentication Dial In User Service (RADIUS), is a protocol used for remote network access and provides excellent protection against attackers ~~[Hill 2001]~~. RADIUS works by having a server within the company network act as a gatekeeper by verifying users through a username and password previously determined by the user ~~[Hill 2001]~~. RADIUS is a good security technique often used in wireless networks by improving the WEP encryption key standard ~~[Hill 2001]~~.	+	Remote Authentication Dial In User Service (RADIUS), is a protocol used for remote network access and provides excellent protection against attackers<sup>3</sup>. RADIUS works by having a server within the company network act as a gatekeeper by verifying users through a username and password previously determined by the user<sup>3</sup>. RADIUS is a good security technique often used in wireless networks by improving the WEP encryption key standard<sup>3</sup>.

	=== Smart cards and USB tokens ===		=== Smart cards and USB tokens ===
-	This is a very high form of network security. The hardware card or token uses its internal identity code combined with a user entered PIN to create a powerful algorithm, providing a very secure way to conduct wireless transmissions ~~[Curran 2008]~~. One downfall to this method is its expensive nature.	+	This is a very high form of network security. The hardware card or token uses its internal identity code combined with a user entered PIN to create a powerful algorithm, providing a very secure way to conduct wireless transmissions<sup>2</sup>. One downfall to this method is its expensive nature.

	== Five Steps for Securing a Wireless Network ==		== Five Steps for Securing a Wireless Network ==