Network Security

This week’s topic is network security.  Network security can be configured through hardware or software and, when combined, make up a secured network.  We will be looking at the software side of network security.  Network security “keys” are used as encryption keys or passphrases that are long sequences of alphanumeric characters.  However, the terms passphrase and key are often used interchangeably.

The three important protocols of network security are authentication, authorization, and encryption.  It’s important to understand how they work together, so let’s define each of them.

Authentication – Begins when a user tries to access information.  When logging into a computer or on a website, users commonly enter usernames and passwords for authentication purposes.  This login combination, which must be assigned to each user, authenticates access.  A better form of authentication is biometrics which depends on the user’s presence and biological makeup (retina or fingerprints).  This technology makes it more difficult for hackers to break in.

Authentication Methods

• Wired Equivalent Privacy (WEP) – The original security mechanism built into the 802.11 standard with several variations.  The most common version is static WEP where all stations share a single key for authentication and encryption.   The WEP key is used for both authentication and encryption. (More on that later.)
• Pre-Shared Key (PSK) – PSK authentication is the common form of authentication used for consumer Wi-Fi routers.  PSK is similar to WEP as it is used for both authentication and encryption.  All devices share the same network key, which must be kept confidential.  This is easy to configure for a small number of devices.
• Wi-Fi- Protected Access (WPA) – This standard was developed to replace WEP.  Wi-Fi devices typically support multiple variation of WPA technology.  Traditional WPA is also known as WPA-personal and sometimes referred to WPA-PSK which is designed for home networks while another version called WPA-Enterprise is used in corporate settings.
• Open – Open authentication really means no authentication.  The network is open for anyone to join and no keys are required.
• RADIUS (Remote Authentication Dial in User Service) – This method is used for applications such as network access or IP mobility.  It’s intended to work in both local and roaming situations.   RADIUS is also known as 802.1X.

Authorization – Authorization is the process by which network servers determine if the client has permission to use a resource or access a file.  Authorization is usually tied with authentication so the server has some concept of who the client is that is requesting the access.  Passwords may be required in some cases but not to others.  Most require no authentication or authorization.

Encryption – Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users.  The encoded data may only be decrypted or made readable with a key.

Encryption Methods

• Open – Open networks have no encryption and offer no protection on wireless networks.  Most hot spot or guest networks are open networks, because the end user is expected to use their own protection methods.
• WEP – WEP encryption functions the same way as the authentication and should be considered no more secured than an open network.
• Temporal Key Integrity Protocol (TKIP) – TKIP uses the same encryption algorithm as WEP, however TKIP has additional security built in, in addition to message integrity check.
• Advanced Encryption Standard (AES) – AES is a widely supported encryption method and is the recommended encryption type for all wireless networks that contain confidential data.  AES provides a high level of security, similar to IP Security (IPsec).
• Internet Protocol Security (IPsec) – A set of protocols that provides security for Internet Protocol.  IPsec can be used for setting up a virtual private network (VPN) is a secure manner.

I hope you found this information helpful.  Please feel free to forward it to others.  If you would like to learn more about this topic or would like to request a topic, please contact me. If you missed any past newsletters or would like a printed copy, please visit my website www.mdsystemsolutions.com.

Until next time…Happy Computing!!!