CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [74]
VPN systems can be dedicated to a certain protocol, or they can pass whatever protocols they see on one end of the network to the other end. A pure VPN connection appears as a dedicated wired connection between the two network ends.
Wireless Access Points
It does not take much to build a wireless network. On the client side, you need a wireless network card (NIC) in place of the standard wired NIC. On the network side, you need something to communicate with the clients.
The primary method of connecting a wireless device to a network is via a wireless portal. A wireless access point (WAP) is a low-power transmitter/receiver, also known as a transceiver, which is strategically placed for access. The portable device and the access point communicate using one of several communications protocols, including IEEE 802.11 (also known as Wireless Ethernet).
Wireless communications, as the name implies, don’t use wires as the basis for communication. Most frequently, they use a portion of the radio frequency (RF) spectrum called microwave. Wireless communication methods are becoming more prevalent in computing because the cost of the transmitting and receiving equipment has fallen drastically over the last few years. Wireless also offers mobile connectivity within a campus, a building, or even a city. Most wireless frequencies are shared frequencies in that more than one person may be using the same frequency for communication.
Figure 3.10 illustrates a wireless portal being used to connect a computer to a company network. Notice that the portal connects to the network and is treated like any other connection used in the network.
Wireless communications, although convenient, can also be less than secure. While many WAPs now ship with encryption on, you will still want to verify that this is the case with your network.
FIGURE 3.10 Wireless access point and workstation
Real World Scenario
Estimating Signal Strength
One of the most troublesome aspects of working with wireless networks is trying to compute the strength of the signal between the WAP and the client(s). It’s often joked that a hacker can stand outside a building and tap into your network but a user within the building can’t get a strong enough signal to stay on the network.
Think of the signal in terms of any other radio signal—its strength is reduced significantly by cinderblock walls, metal cabinets, and other barriers. The signal can pass through glass windows and thin walls with no difficulty.
When you’re laying out a network, it’s highly recommended that you install a strength meter on a workstation—many are free to download—and use it to evaluate the intensity of the signal you’re receiving. If the signal is weak, you can add additional WAPs and repeaters to the network, just as you would on a wired network.
At a bare minimum, Wired Equivalent Privacy (WEP) should be used across the wireless network. WEP is discussed further in Chapter 7, “Cryptography Basics, Methods, and Standards.” Wi-Fi Protected Access (WPA), which is based on 802.11i, was created by the Wi-Fi Alliance, an industry trade group, to address many of the holes in wireless security. You can find more information about WPA at http://www.wi-fi.org/knowledge_center/wpa/.
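The walk-through survey and encryption check described above can be recorded and evaluated with a short script. This Python is an added example, not from the book: the readings are constructed, and the CSV column names, the CorpNet SSID prefix, the security labels, and the -70 dBm usability threshold are all assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed walk-through readings (not real measurements): one row per
# reading a strength meter reported for an access point at a location.
SURVEY_CSV = """location,zone,ssid,rssi_dbm,security
front-desk,inside,CorpNet,-52,WPA
warehouse-bay,inside,CorpNet,-81,WPA
warehouse-bay,inside,CorpNet-Ext,-84,WPA
conference-room,inside,CorpNet,-66,WPA
conference-room,inside,Lab-Test,-60,NONE
parking-lot,outside,CorpNet,-63,WPA
sidewalk,outside,CorpNet,-88,WPA
"""

MIN_USABLE_DBM = -70          # assumed threshold for a stable client link
OWN_SSID_PREFIX = "CorpNet"   # assumed naming scheme for the company's WAPs
ENCRYPTED = {"WEP", "WPA"}    # assumed labels; anything else counts as open


def analyze(csv_text, min_dbm=MIN_USABLE_DBM, prefix=OWN_SSID_PREFIX):
    """Return (weak_inside, usable_outside, unencrypted_ssids), each sorted."""
    best = defaultdict(lambda: -200)  # strongest own-WAP reading per location
    zone = {}
    unencrypted = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        loc = row["location"]
        zone[loc] = row["zone"]
        if row["ssid"].startswith(prefix):
            best[loc] = max(best[loc], int(row["rssi_dbm"]))
        if row["security"].upper() not in ENCRYPTED:
            unencrypted.add(row["ssid"])
    weak = sorted(l for l, z in zone.items() if z == "inside" and best[l] < min_dbm)
    leak = sorted(l for l, z in zone.items() if z == "outside" and best[l] >= min_dbm)
    return weak, leak, sorted(unencrypted)


if __name__ == "__main__":
    weak, leak, unenc = analyze(SURVEY_CSV)
    print("Inside locations needing another WAP or repeater:", weak)
    print("Outside locations where the signal is still usable:", leak)
    print("SSIDs seen without encryption:", unenc)
```

Inside locations below the threshold are candidates for an additional WAP or repeater; outside locations above it show where the signal carries beyond the building.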
Monitoring and Diagnosing Networks
Network monitoring is an area as old as data communications. It is the process of using a data-capture device or other method to intercept information from a network. Network monitors come in two forms: sniffers and intrusion detection systems