#22 NETWORK AND DEVICE SECURITY: THE NETWORKING SERIES
Are you online? Of course you are! And that’s how you are reading this blog right now. Would you like to know how this is possible? This series is all about what it takes to be online and access internet!
Hey peeps, hope you all doing good. After a long gap, I’m back with “The Networking Series”. So far, we have learnt about networking, but by learning only the networking doesn’t make you a security person. The main thing for a security person is to know about the security part of every topic. Hence, let’s start our security part in networking!
Security measures should be planned and configured before connecting to the network or ISP.
- Basic wireless settings: Change the default Service Set Identifier(SSID)
- Wireless Security: Configure the security mode to use WPA2. Set the encryption to Advanced Encryption Standard(AES)
- MAC Address Filtering: Configure the MAC addresses that you want to permit
- Port Forwarding: Configure the ports that should be forwarded to a specific device such as web server
Changing the default settings
Most wireless access points and routers are preconfigured with settings such as SSIDs, administrator passwords, and IP addresses. These settings are very helpful for a novice user to set up and configure the device. Unfortunately, these default settings can also make it easy for an attacker to identify and infiltrate a network.
You cannot protect your network only by changing the default settings. For examples, SSIDs are transmitted in plaintext. There are devices which can intercept wireless signals and read plaintext messages. Even when the SSID default values changes, the attacker can know the name of a wireless network through the use of the devices that intercept wireless signals. This information is used to connect to a network.
MAC Address Filtering
One of the ways to limit access to the wireless network is to control exactly which devices are allowed on the wireless network by filtering MAC addresses. If MAC address filtering is configured for devices that are allowed on the network, then when a wireless device attempts to connect with an access point it will send the MAC address information. The access point will look up the MAC address of the connecting client and decides whether to allow or restrict the connection based on the configuration.
In addition to MAC address filtering, another way to control who can connect to a network is to implement Authentication. Authentication is permitting entry based on a set of credentials.
The use of username and password is the most common form of authentication. But in wireless authentication, there are different types of authentication methods including open authentication, PSK, EAP and SAE. Open authentication should only be used in public wireless networks such as those are in restaurants and schools. If both authentication and MAC address filtering are enabled, authentication occurs first.
So with this blog, we came to the end of “THE NETWORKING SERIES”. I’ll try to come up with another learning series soon!!