Wireless Security: Rogue Devices and Rogue Access Points, the Gateway to Network Attacks, Research Paper Example

1. TAS Current Scenario

TAS toys store comprising of 10 branches within the same area requires secure and effective wireless network connectivity. There are no requirements for establishing connectivity on long distant stores. However, security is a primary concern, as data channels will be established in the environment. For addressing the security issue, Cisco provides rich features and adds an extra layer of security on the wireless networks. The embedded security technologies on a wireless architecture are now standardized, as they are available by default in all vendor manufactured wireless devices. Some of these technologies are WEP, WPA etc. Moreover, after securing the data in transit by encryption, we have proposed a wireless intrusion prevention system that will continuously monitor and prevent the network from cyber threats. However, there is no guarantee of the network security, if the iPads/PDA’s are misused and stolen or snatched from one of the employees of TAS. For addressing human threats, acceptable use policy and password policies will be implemented.

2. Solution

As the TAS environment requires wireless connectivity, ‘access points’ are required. ‘Access points’ are the device which is used to connect devices equipped with wireless technology. ‘Access points’ transmits and receive radio signals adjacent to a network hub over a limited distance. However, distant varies from different model types and wireless technology adopted. The TAS requirement is to provide access of network resources to the staff for connecting the iPads. Cisco delivers a borderless mobility experience which gives users access to the information and resources with the quality and performance.

2.1      Wireless connectivity of TAS sites

TAS has 10 stores within the same area, and there is no information regarding the distance of each of these sites with each other. When designing a wireless point to point connectivity, the distance is always considered due to limitation of wireless technology. Cost is also a major factor when implementing and designing a wireless network. There are two methodologies which can be adopted for connecting all 10 sites to provide Internet connectivity.

2.1.1     Wi-Fi 802.11/y

It is a relatively new wireless standard defined by IEEE 802.11 standards with more enhanced capabilities as compared to 802.11n. It operates on 3.6 to 3.7 GHz on 54 Mbps with the distance of 3 miles (Parsons & Oja, 2009). The distance which is required to connect all of these 10 sites can be achieved by connecting via 802.11y Wi-Fi technology. However this technology is currently available only in United States of America.

The hardware which is required to connect all these 10 sites is relatively of low cost. This is a low cost solution but it has certain limitations as it is available only in the United States. There are very few IEEE 802.11y complaint devices available. The router can be installed at any one end of either side to broadcast the signals compatible to 802.11y standards. The router must support functions such as Firewall, Network Address Translation, Dynamic Host Configuration Protocol, Local Area Network ports (more than one). Similarly, Voice over IP, Wireless Local Area Network and Max wireless data must support a transfer rate of 54 Mbps or more. The complaint standards requirements will be IEEE 802.11h, IEEE 802.11n, IEEE 802.11y, IEEE 802.11 IEEE 802.11a IEEE 802.11b IEEE 802.11d IEEE 802.11g etc.. As the router will support ranges up to 3 miles, users can connect to the wireless network directly. Security can also be applied as the wireless router must support a firewall and Wired Encryption Privacy and other security along with encryption techniques can be configured. Moreover, Dynamic Host Configuration Protocol can be configured by defining the IP address range in the router IOS. The parameters for defining the DHCP server are DHCP Server, Start IP Address and End IP Address. By configuring the DHCP server, the router will automatically assign IP addresses to the host it connects.

2.1.2     Access points

(Angelescu, 2010) Each ‘Cisco Aironet 1500 series access points’ are compatible to operate on the frequency range: ‘802.11/g’. Depending on the area of the store, minimum of two access points are recommended for each store, so that the employees can roam within the store premises without service disruption. ‘Access points’ will be configured to assign IP addresses automatically to the TAS staff by Dynamic Host Configuration Protocol (DHCP). For connecting the ‘access points’, workstations will require a Wi-Fi Ethernet card. If the iPad already has the capability of connecting to the wireless network, then there is no requirement of an operating system with a functional wireless Ethernet adapter. The ‘Cisco access point 1500 series’ will perform as a unified wireless network by integrating ‘Cisco 4400 wireless LAN controller’, ‘Cisco Aironet 1500 Series Access points’ and ‘Cisco 3300 Series Mobility Services Engine’ to support these features:

  • Cisco Clear air Technology
  • Service mobility engines
  • Context aware Services
  • Mobility services from the local area network
  • Unified application delivery integration with the Wi-Fi, LAN, Wi-max and cellular networks
  • API on Simple Object Access Protocol (SOAP)
  • Extensive Markup Language (XML) for third party application development
  • Security policies
  • Mobility

2.2      Cisco Unified Wireless network

As there is no requirement of a hub on any of the stores, any one of the stores can be considered as the hub branch where implementation of wireless technology will be conducted (Lammle, 2010). The wireless infrastructure of Cisco which is called a ‘Cisco Wireless Control System’ consists of following components (Lammle, 2010):

  • Cisco 4400 wireless LAN controller
  • Cisco Aironet 1500 Series Access points
  • Cisco 3300 Series Mobility Services Engine
  • Integrated support for (wIPS)
  • Built in support for ‘Cisco context-aware services’.

2.3      Wireless Network Threat Management

Denial of Service attacks is executed for rendering the targeted machines to become inaccessible for authentic users. Attacks on the wireless networks are focused on revealing information that travels in between nodes. (Sharma, Chaba, & Singh, 2010) Likewise, this information is vulnerable for a breach in integrity, confidentiality, eavesdropping, and authentication. A node application attack incorporates an intruder penetrating a new cloned node within a network from a legacy node (Sharma, Chaba, & Singh, 2010). In a routing attack, the attacker targets the routing protocols of wireless networks (Sharma, Chaba, & Singh, 2010). All these attacks can be prevented by configuring SNEP: Sensor Network Encryption Protocol for wireless networks (Sharma, Chaba, & Singh, 2010).

2.4      Wireless Intrusion Prevention System (W IPS) (For Wireless Networks)

This security feature is integrated within the ‘Cisco Unified Wireless Network Architecture’. ‘WIPS’ provide specific threat detection methodology and improved protection against malicious code, unauthorized access, security vulnerabilities and other sources which may disrupt the network performance. The ‘Cisco WIPS’ analyze and identify wireless threats and manages mitigation and resolution of security and performance concerns on a centralized point. Most wireless networks are not designed to protect the network core which is impenetrable by most wireless networks, while ‘Cisco WIPS’ has proactive threat protection to eliminate attacks on network cores. ‘Cisco Wireless LAN Controllers’ are integrated within the enterprise networks core infrastructure. They communicate with ‘Controller-based Access Points’ over ‘Layer 2’ or ‘Layer 3’ infrastructure of the ‘OSI’ model. These devices support automation of numerous ‘WLAN’ configuration and management functions across all enterprise locations.

References

Angelescu, S. (2010). CCNA certification all-in-one for dummies Wiley.

Lammle, T. (2010). CCNA wireless study guide: IUWNE exam 640-721 Wiley.

Parsons, J. J., & Oja, D. (2009). Computer concepts 2010: New perspectives Cengage South-Western.

Sharma, R., Chaba, Y., & Singh, Y. (2010). Analysis of security protocols in wireless sensor network. International Journal of Advanced Networking & Applications, 2(3), 707-713.