Secure Wireless Solutions

What is Wi-Fi?
Wi-Fi is an abbreviation for wireless fidelity. This is another name for IEEE 802.11b. It is a trade term promulgated by the Wireless Ethernet Compatibility Alliance (WECA). "Wi-Fi" is used in place of 802.11b in the same way that "Ethernet" is used in place of IEEE 802.3. Products certified as Wi-Fi by WECA are interoperable with each other even if they are from different manufacturers. A user with a Wi-Fi product can use any brand of Access Point with any other brand of client hardware that is built to the Wi-Fi standard.

What is WiMAX?
WiMAX is a standards-based wireless technology that provides high-throughput broadband connections over long distances. WiMAX can be used for a number of applications, including "last mile" broadband connections, hotspot and cellular backhaul, and high-speed enterprise connectivity for businesses. Effectively an implementation of the IEEE 802.16 standard, WiMAX provides metropolitan area network connectivity at speeds of up to 75 Mb/sec. WiMAX systems can be used to transmit a signal as far as 30 miles. However, on average a WiMAX base-station installation will likely cover between three and five miles.

What is a Hotspot?
A 'hotspot' is a location where networking is available using a wireless server/client solution. It is generally harder to provide secure connectivity at hotspots; however, they are ideal for wireless broadband solutions at airports, hotels and restaurants. The end user can utilise a laptop, PDA or mobile phone to gain access to websites and email.

What is a Fixed Point Wireless Network?
A 'fixed point wireless network' is a wireless network where all connectivity points are equal and operate on a peer-to-peer basis. This type of network is much easier to secure. Unlike with hotspots, laptops, PDAs and mobile phones cannot gain access directly to the wireless network.

64/128/256 bit WEP Encryption
WEP is the abbreviation for 'Wired Equivalent Privacy', a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by their physical structure, having some or all parts of the network inside a building that can be protected from unauthorized access. WLANs, which operate over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.

WPA Encryption
WPA is the abbreviation for Wi-Fi Protected Access. It is a powerful, standards-based, interoperable security technology designed for Wi-Fi networks. It provides strong data protection by using encryption as well as strong access controls and user authentication. WPA can be enabled in two versions (WPA-Personal and WPA-Enterprise). WPA-Personal protects against unauthorized network access by utilizing a set-up password. WPA-Enterprise verifies network users through a server. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure your wireless network's privacy and enterprise security.

WPA2 Encryption
WPA2 (Wi-Fi Protected Access 2) provides network administrators with a high level of assurance that only authorized users can access the network. Based on the ratified IEEE 802.11i standard, WPA2 provides government-grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm. WPA2 can be enabled in two versions (WPA2-Personal and WPA2-Enterprise). WPA2-Personal protects against unauthorized network access by utilizing a set-up password. WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA.
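
How the set-up password used by WPA-Personal and WPA2-Personal becomes key material, shown as an added example that is not part of the original page. It uses the passphrase mapping from IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 iterations, the SSID as salt); the function names, the 16-character policy minimum and the list of common SSIDs are assumptions made for illustration.

```python
import hashlib

# Constructed list of vendor-default style network names (illustrative only).
COMMON_SSIDS = {"default", "wireless", "home", "office"}


def derive_psk(passphrase, ssid):
    """Map a WPA/WPA2-Personal passphrase to the 256-bit pre-shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the only salt: two networks that share a name and a
    # passphrase end up with the same pre-shared key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def review_network(ssid, passphrase, min_length=16):
    """Return configuration findings for one Personal-mode network.

    min_length is an assumed site policy, not a value from the standard.
    """
    findings = []
    if len(passphrase) < min_length:
        findings.append("passphrase shorter than policy minimum")
    if ssid.lower() in COMMON_SSIDS:
        findings.append("SSID is a common name, so the salt is not unique")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSIDs: the derived keys differ.
    for name in ("IEEE", "office"):
        print(name, derive_psk("password", name).hex())
    print(review_network("office", "password"))
    print(review_network("hab-floor3-7c1e", "correct horse battery staple"))
```

Every station that knows the passphrase derives the same pre-shared key, which is why WPA-Enterprise and WPA2-Enterprise, with per-user verification through a server, suit networks where credentials must be revoked individually.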

MAC Address Filtration
As part of the 802.11b standard, every Wi-Fi radio has its own unique Media Access Control (MAC) number allocated by the manufacturer. To increase wireless network security, it is possible for an IT manager to program a corporate Wi-Fi access point to accept only certain MAC addresses and filter out all others. The MAC control table thus created works like "call blocking" on a telephone: if a computer with an unknown MAC address tries to connect, the access point will not allow it. However, programming all the authorized users' MAC addresses into all the company's access points can be an arduous and time-consuming task for a large organization, but for the home technology enthusiast it can be quite effective. It is also possible for a dedicated hacker to "spoof" a MAC address, by intercepting valid MAC addresses and then programming his or her computer to broadcast using one of those. Despite that, for small network installations, using a MAC filtering technique can be a very effective method to prevent unauthorized access.
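
The filter described above sees only the address a client claims, so a defender usually pairs it with a check for one address in use in two places at once. The sketch below is an added example, not part of the original page; the log format, access point names and MAC addresses are constructed for illustration.

```python
import re


def normalize_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff forms."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def filter_decision(allowed, claimed_source):
    """The access point's check: it sees only the address the client claims."""
    try:
        mac = normalize_mac(claimed_source)
    except ValueError:
        return "reject"
    return "accept" if mac in allowed else "reject"


def concurrent_use(events):
    """Flag an address that associates to a second access point while still
    associated to the first. Fast roaming can also trigger this, so treat a
    hit as a lead to investigate rather than proof of spoofing."""
    active, alerts = {}, []
    for ts, ap, raw_mac, kind in events:
        mac = normalize_mac(raw_mac)
        if kind == "assoc":
            if mac in active and active[mac] != ap:
                alerts.append((ts, mac, active[mac], ap))
            active[mac] = ap
        elif kind == "disassoc" and active.get(mac) == ap:
            del active[mac]
    return alerts


# Constructed allowlist and association log (not real data).
ALLOWED = {normalize_mac(m) for m in ["00-11-22-AA-BB-01", "0011.22aa.bb02"]}
LOG = [
    (100, "ap-1", "00:11:22:aa:bb:01", "assoc"),
    (130, "ap-1", "00:11:22:aa:bb:02", "assoc"),
    (160, "ap-1", "00:11:22:aa:bb:02", "disassoc"),
    (170, "ap-2", "00:11:22:aa:bb:02", "assoc"),   # clean move, no alert
    (200, "ap-2", "00:11:22:AA:BB:01", "assoc"),   # still active on ap-1
]

if __name__ == "__main__":
    for ts, ap, mac, kind in LOG:
        print(ts, ap, mac, kind, filter_decision(ALLOWED, mac))
    print("concurrent use:", concurrent_use(LOG))
```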

MAC Address governed DHCP Services
MAC Address governed DHCP Services provide the ability for networks to be allocated DHCP networking information based on the MAC addresses of the computers, wireless access points, printers and other network components. Anti-spoofing technologies can also be utilised alongside to provide additional protection. The benefit of this type of solution is that it acts as an additional line of defence against hack attacks. Such facilities are utilised on military network solutions to aid security and secure functionality.

RADIUS Authentication
RADIUS (Remote Access Dial-Up User Service) is another standard technology that is already in use by many major corporations to protect access to wireless networks. RADIUS is a user name and password scheme that enables only approved users to access the network; it does not affect or encrypt data. The first time a user wants access to the network, secure files or net locations, he or she must input his or her name and password and submit them over the network to the RADIUS server. The server then verifies that the individual has an account and, if so, ensures that the person uses the correct password before she or he can get on the network. RADIUS can be set up to provide different access levels or classes of access. For example, one level can provide blanket access to the Internet; another can provide access to the Internet as well as to e-mail communications; yet another account class can provide access to the Net, email and the secure business file server. Like other sophisticated security technologies already mentioned, RADIUS comes in a variety of types and levels. You can use the free RADIUS provided by Microsoft for its advanced server operating systems, or you can use a sophisticated hardware and software solution.

Kerberos Authentication
Another way to protect your wireless data is by using a technology called Kerberos. Created by MIT, Kerberos is a network authentication system based on key distribution. It allows entities that communicate over a wired or wireless network to prove their identity to each other while preventing eavesdropping or replay attacks. It also provides for data stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business. Kerberos works by providing principals (users or services) with digital tickets that they can use to identify themselves to the network and secret cryptographic keys for secure communications. A ticket is a sequence of a few hundred bytes that can be embedded in virtually any other network protocol, thereby allowing the processes implementing that protocol to be sure about the identity of the principals involved. Kerberos is available free from MIT and as a product from many different vendors.

802.16, 802.24 and Other Wi-Fi Advancements
As wireless solutions develop and new technology standards evolve, so too do the security developments. It is expected that many of the new security features will include much of what is currently seen in today's leading-edge firewall solutions.

Secure Wireless Solutions
HAB Consultancy utilise and combine the very latest technologies to produce government-standard secure wireless solutions. Whether you are looking to defend a local network or a global online empire, HAB Consultancy can provide the skills and knowledge to design, implement and maintain one of the world's most secure networks.

HAB Consultancy's solutions are ideal for:

  • Postal Services
  • Banking
  • Financial Markets
  • Government (Embassies, Central Government, Police, Schools, Hospitals, and more).
  • Corporations

E-Mail us at it@hab-consultancy.com to discuss your Secure Wireless Network requirements.
 

