Security - What are some of the different ranges of wireless security measures?

When you get to be serious about wireless security, there are several mechanisms / measures that you can take, here are some details of the problem and solutions:
First – generation wireless networking has made it hard to decide whether or not you should deploy a wireless local area network (WLAN) even though there are many shortcomings such as rampant threats, vulnerabilities of the protocol and so on. Sometimes you might feel like banning the WLAN neglecting its advantages in business due to a fear of rogue AP (access points) cropping up. In either of the cases it’s a no- win situation. However, over a period of time, wireless protocols have been revised with some improvements that have made them more secure. Given the various threats (some of which can be innovative), wireless security has to be taken seriously like other types of network threats.
A WLAN security suite should be installed for providing security. The Wireless security can be more enhanced if we have a proper knowledge about how to correctly integrate wireless devices with wired networks, upgrading the existing security tools and after a due selection of the appropriate security technologies. We should be sure that security solutions for virtual private networks are based on the present generation of the encryption and authentication protocols. Because threats can come in new and improved methods, on a continuous basis, you need to keep monitoring the health of your network for keeping it secure. Attackers are always waiting for seeing an unprotected WLAN and then invading and turning it.
It is quite easy to record wireless traffic and eventually break in, getting such valuable info such as proprietary information, login details, server addresses and so on (nowadays, stealing credit card details seems to have become a business for the attackers). In addition to stealing information, the attackers can also take control of networks and use them for transmitting spams, steal bandwidth, or use this network as a Launchpad for attacking other networks. The traffic can be recorded and modified, and the consequences can be legal or financial.
A business can be disrupted even by an attacker with low technology skills with packaged scripts that make it easy to attack networks and hunt for weak points (for example, a known security hole has not be fixed and the script uses that hole to get inside and eventually gain access). The attacker can flood your internet uplinks, wired networks and access points with wireless packets. You should known from what you are defending your systems and why protecting different possible points of entry. If you don’t know this, then you don't really have a chance, at sometime or the other, you will have your network without protection, and all the security measures are in vain.
The identification of assets and the impact of the loss is critical for security analysis. If you are using connection methods such as DSL, dial up or wireless, the access requirements should be defined by your security policy. If your system follows a remote access policy for the telecommuters, it should be expanded to incorporate wireless. If there is no such policy, one should be created. The scenarios unique to the wireless network must be included. The rules of wireless network are different for the employees and office visitors. The public areas have jacks that are typically associated with some known addresses and are sometimes disabled. But the PDAs and the laptops can be easily connected to the wireless stations and access points in the nearby location. This serves as both opportunity and a threat.
For guests the peer-to-peer networking should be prohibited and sessions should be permitted through certain access points with limited bandwidth and duration. After the identification of the assets, enumeration of the risks should be done. The last step is the quantifying of the risks. In security it is always important to weigh the risk against the cost. Once you have got this right, the other WLAN alternatives can be considered. Before setting up the access points, you should take a survey of the WLAN using a discovery tool. Some set up wizards have made it possible for the employees to deploy rogue access points through which the corporate’s info and assets can be exposed to the outside world. It can also introduce disturbance in to the WLAN. These rogue apps must be eliminated. With such surveys, you can also find workstations that are not authorized to access the internet. 

Quick detail of some network security tools

Every web application and site can face pretty intense security threats such as cross site scripting, account hacking and so on, with new ones emerging on a regular basis. The load on the security providing vendors is increasing day by day for building products that offer more security while being able to respond quickly to new threats. As we develop new security measures and tools, the attackers also develop new methods for hampering the security. Some of the network security tools have to be paid for while others are open source tools (that can help you a lot and are effective). To a great extent these tools perform the task exactly as you like it but sometimes their settings have to be customized as per the security needs of the structure of the network. Some examples of the open source tools are Ettercap, nikto, Nessus etc. discussed below:
1. Wireshark: This is a multi – platform network protocol analyzer which is available as an open source tool. Using it the data can be examined from a file captured on the disk or from a live network. The data can be browsed and the exact details can be obtained. It comes with very useful features such as filter language with a rich display, and a view of the reconstructed TCP session stream. It also comes with support for a number of media types and protocols.
2. Metasploit: This one is also an open source tool but with advanced features for development, and testing of the exploit code. Metaspoilt framework is now being used as an exploitation research outlet because of the extensible models which is used for integrating the encoders, exploits, payloads and no – op generators. This tool makes it easy for you to write your own exploits. An official java based GUI is now included with the framework.
3. Nessus: This tool provides excellent capabilities for scanning the potential vulnerabilities of the unix systems. Initially it was an open source tool till 2008. It now comes for a good price and is still ahead of many of its competitor. A licensed version is also available for use in the home network. The tool boasts of having a whopping 46000 plugins. Some features are embedded scripting language that allows you to write your own plugins, client – server architecture having a web – based interface, local as well as remote security checks.
4. Aircrack: This is a tool suite developed especially for the 802.11 a/b/g WEP and WPA cracking. This tool makes use of the well-known cracking algorithms for recovering the wireless keys. This it does only after the encrypted packets have been gathered. Some of the tools in this suite are airodump, aircrack, airdecap, aireplay and so on.
5. Snort: This tool has proved very good in detecting and preventing network intrusions. This is a very effective tool for analysis of traffic and packet logging on the networks. The tool has capability of detecting 1000s of worms by means of content searching, protocol analysis, pre – processors and so on. It is also capable of port scanning, vulnerability exploit attempts etc. it is based up on a rule – based language which is quite flexibility.
6. Cain and Abel: This is a tool that has been developed for handling the windows – only password recovery and for handling various other tasks as well. It is capable of performing the following functions:
- Recovery of the password by sniffing the network.
- Cracking the passwords that are encrypted by means dictionary.
- Cryptanalysis and brute – force attacks.
- Recording the VoIP conversations
- Revealing the password boxes.
- Decoding the scrambled passwords.
- Analyzation of the routing protocols.
The tool comes with proper documentation.

There are others as well, this is a quick summary of some of them. If you use others or have some feedback, do let me know via comments.

Quick Tech Tip: Wireless Networks

The wireless communication revolution is bringing fundamental changes to data networking, telecommunication, and is making integrated networks a reality. By freeing the user from the cord, new systems (personal communications networks, wireless LAN's, mobile radio networks and cellular systems, etc), harbor the promise of fully distributed mobile computing and communications, in a new paradigm of any time, anywhere.
A wireless network allows you to connect your computer to a network using radio waves instead of wires. As long as you are within range of a wireless access point, you can move your computer from place to place while maintaining un-ethered access to networked resources. This can make networking extremely portable.
Wireless networks are of great value to fleets of trucks, taxis, buses and repair persons for keeping in contact with home. Another use is for rescue workers at disaster sites where the telephone system has been destroyed such as in the aftermath of Hurricane Katrina. Wireless networks are very important to the military.
Some wireless data networks run over wireless voice networks, such as mobile telephone networks (CPDP, HSCSD, PDC-P, and GPRS are examples). Other wireless networks run on their own physical layer networks, utilizing anything from antennas built into handlheld devices to large antennas mounted on towers. 802.11, LMDS, and MMDS are examples.
A few wireless networks are intended only to connect small devices over short distances. Bluetooth is an example.
Wireless LANs are networks are set up to provide wireless connectivity within a finite coverage area. Typical coverage areas might be a hospital (for patient care systems), a university, the airport, or a gas plant. They usually have a well-known audience in mind.
Wireless Personal Area Networking (WPAN) describes an application of wireless technology that is intended to address usage scenarios that are inherently personal in nature. The emphasis is on instant connectivity between devices that manage personal data or which facilitate data sharing between small groups of individuals.