19 | 12 | 2018

WLAN security

Wireless LAN security must be concerned upon design of the network. A secured WLAN not only about WPA or WEP (wireless data encryption), but also a full security picture consist existing network too. A secured and adaptive wireless network does not equal to very high cost, indeed, it can be built from existing network infrastructure.

Let's take a look at different security models:

PSK (Pre-shared Key)

Applied environment : SMB, Home

This security model is simple and depolyed by most of the small-medium business. Any Wi-Fi client require only a pre shared common key before accessing the network. It is unsecured if anyone know the key or if the key is common word which easy to guess. WPA2-PSK is well known which WPA2 is the encryption methodology. ACL (Access Control List) is applied in some cases to limit or grant access for some clients by their physical MAC address.

 

Radius (802.1X)

Applied environment : Large Corporation

Radius (802.1X) is only being applied to enterprise company or some condition that required highest Wi-Fi secuirty. As there is no shared key among all devices, clients required to login by their radius account before entering the network. The Access Point (AP) at this point is only a media of access. A domain controller can act as radius server also which make account management centralized and easier. Some firewalls feature as internet access management (IAM) which Internet behaviour of domain user can be then under control.

 

Captive Portal

Applied environment : Public area, Hotel, Club House, Restaurant

Captive Portal also called "hotspot". It is not a regular connection security model, indeed, captive portal is applied when client already connected to the network and when accessing network resource such as Internet. Triggered by any network activity such as HTTP request, DNS enquiry and PoP3, a browser is then pop up to ask for account and password. This model is a good choice for guest access which no configuration and restriction of Wi-Fi client and hardware, but gives certain security and authentication.


Combine security models

Applied environment : Hotel, Corporation

Combination of security models can be applied to all organizations as for different user group and security level. For example, a local office of a corporation which require WLAN for different user groups: account department, sales department, IT department and a lot of guests. By implement different security models in one single network, all users requirement can be fulfilled but the network is also secured.