Security Design for Wireless Local Area Network (WLAN)

Wireless networking is rising with the ever-increasing need for businesses to lower costs and support mobility of workers. Compared with wired networking, wireless capability offers more timeliness, affordability, and efficiency. When performing installations, there are many tangible cost savings with using less wire between the user's appliance and a server. However, most of the organization that decided to deploywireless network within their working environment often overlooked the security aspect of the deployed wireless LAN. Therefore, this will jeopardize the organization's safety in terms of network security and business trade secrets if their network is intruded by their rivals. This project concentrates on Wireless Local Area Network architecture and the security aspect of the designed network. Firstly, the project will emphasizes on researching about WLAN architecture. This is to ensure best practice method to be taken in designing the WLAN. It is then followed by extensive research to deploy better security to the designed network. However, the security aspect to be deployed is based on the needs and the architecture of the WLAN. The designed network is tested by conducting similar simulation at the lab which represents real - time performance and situation where the network architecture will be implemented and tested. For the time being, 802.IX / EAP ( Extensible Authentication Protocol ) is proven to be the best practice solution to secure any Wireless LAN implemented. Through the simulation, it will be proven that the proposed WLAN design is secure for implementation by any other interested parties

Determining wireless local area network (WLAN) vulnerabilities on academic network

The advancement and proliferation of wireless local area network nowadays have driven for an alarm on the whole network operation.The concern applies to both business and academic computer network environments.This paper describes our research and experiences in performing network vulnerabilities analysis in academic local area network.The research uses network vulnerability analysis methodology to perform vulnerability analysis on Academic and Administration building. From the analysis, the overall network security level can be determined.Remedies and solution to counter any vulnerability can also be prescribed and this will reduce network vulnerability threat to academic local area network

Implementing Security in a Client/Server Wireless Local Area Network

Computer network evolves with birth of Wireless Local Area Network (WLAN). Tangible benefits such as increase employee satisfaction and productivity drive enterprise WLANs adoption. However, security remains the most significant, but least understood in information technology. In the year 2001, academic researchers reported vulnerability in IEEE 802.11b Wired Equivalent Privacy (WEP) protocol. Solutions from IEEE 802.11 IETF, Wi-Fi Alliance and OEMs are studies for secure wireless solutions. A baseline WLAN which is solely secured by WEP is established. Concerns and security issuess related to WLAN polled by Network Computing in 2002 is used to formulate the interview questions. Interviews with network engineers reviewed security issues and threats during enterprise WLAN deployment. Deploying and maintaining a secure WLAN is governed by three factors. The first factor is technology. Integration of WEP with Virtual Private Networking (VPN) and IPSec, plus 802.1X coupled with EAP and RADIUS server, on existing centralized administration database and security and enable block access at multiple layers of the network. Besides technology, people and process also dictate security in WLAN. Employees should be trained constantly on IT Security Policy and empowered to enforce IT Security, as security is very employee's responsibility. It is a mandate to establish an IS Security Policy to regulate all process and best known methods to constinuously maintain security of the enterprise

Secure Distributed Dynamic State Estimation in Wide-Area Smart Grids

Smart grid is a large complex network with a myriad of vulnerabilities, usually operated in adversarial settings and regulated based on estimated system states. In this study, we propose a novel highly secure distributed dynamic state estimation mechanism for wide-area (multi-area) smart grids, composed of geographically separated subregions, each supervised by a local control center. We firstly propose a distributed state estimator assuming regular system operation, that achieves near-optimal performance based on the local Kalman filters and with the exchange of necessary information between local centers. To enhance the security, we further propose to (i) protect the network database and the network communication channels against attacks and data manipulations via a blockchain (BC)-based system design, where the BC operates on the peer-to-peer network of local centers, (ii) locally detect the measurement anomalies in real-time to eliminate their effects on the state estimation process, and (iii) detect misbehaving (hacked/faulty) local centers in real-time via a distributed trust management scheme over the network. We provide theoretical guarantees regarding the false alarm rates of the proposed detection schemes, where the false alarms can be easily controlled. Numerical studies illustrate that the proposed mechanism offers reliable state estimation under regular system operation, timely and accurate detection of anomalies, and good state recovery performance in case of anomalies

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio

Evaluation of Network Architecture and Its Implication on Connectivity and Data Security

Networking offers the framework to congregate largely heterogeneous entities so that they can communicate. In this paper we review aspects of Network architectural design that aims to ensure connectivity and data security for network users. Security protocols like the Internet Protocol Security (IPsec) ensures data security for users of a Virtual Private Network which provides encryption, tunneling and authentication services. Virtual Local Area Networks plays a role in network management and security. Access Control lists provides an overview of rights granted to users to access network resources thereby reducing incidence of hacking to the minimum. Combining these techniques in a network would ensure uninterrupted service and data security to network users

A Study of Security Limitations in Virtual Local Area Network Implementation

Virtual Local Area Network (VLAN) in simple terms is defined as a group of Local Area Network (LAN) that has different physical connections, but communicates as if they are connected on a single network segment.VLAN was developed mainly for the need in network segmenting solution, since network traffic increases in proportional to the network size in the same time to offer additional network security.This technology has now become possible by the advancement of various LAN Switches which offer the VLAN feature.Few researches has been carried out which explain the technology part of the system.This thesis provides a study on VLAN mainly covering the implementation of the system and the security weakness present in certain conditions of implementation.For the VLAN system,an onsite study was conducted to explore the implementation of the system in real life environment followed by a practical test conducted to examine the weaknesses part of the system.The results obtained from the test showed that under certain type of implementation, the security features of the VLAN system can be exploited. Solutions are proposed to further improve the security of the system in which certain part of the solution was gathered upon verifying the issue with the switch manufacture

Wireless Local Area Network Security : An Investigation Into Security Tool Usage In Wireless Networks

Many organisations and individuals installing wireless local area networks (WLANs), which are based on the IEEE 802.11 b standard, have little understanding of the security issues that surround this technology. This study was initiated to determine how WLAN security issues affect organisations in Perth, Western Australia. The scope of the study was restricted to 802.llb WLANs operating in infrastructure mode, where all traffic is transmitted by wireless access points (APs). This study was conducted in two phases. The general aims of the first phase were to determine the number of detectable WLANs in the Perth Central Business District (CBD) and subsequently, the percentage of them that have enabled Wired Equivalent Privacy (WEP). Additionally, phase 1 was able to show how many WLANs were still using the manufacturer\u27s default settings and how the network devices may be grouped according to manufacturer. The general aims of the second phase were to find out if the IT managers of various Perth organisations were aware of the security issues related to WLANs and to find out the degree to which the security tools and processes have been implemented. These aims were also achieved and in addition, anecdotal information was collected and analysed. The results of this study indicate that in the Perth CBD, the majority of those persons responsible for the implementation and management of wireless networks are aware of the problems and have taken steps to secure their networks