
Project Proposal

This document is a research proposal that examines cyber threats and management controls for wireless networks. Specifically, it will analyze security issues in wireless networks and existing security protocols like WEP, WPA, and WPA2. WPA2 is considered more secure than WPA as it uses the AES encryption standard. However, WPA is vulnerable to brute force attacks and flaws in the MIC field that allow encrypted data to be decrypted. The proposal aims to focus on analyzing the WPA security protocol and identifying weaknesses to propose effective wireless security mechanisms.

Uploaded by

KELVIN MURIITHI

CYBER THREATS MANAGEMENT AND CONTROL SYSTEM IN WIRELESS NETWORKS.

BY
MURIITHI KELVIN GITHAE
A RESEARCH PROPOSAL SUBMITTED TO THE DEPARTMENT OF COMPUTING AND E-LEARNING IN THE SCHOOL OF MATHEMATICS AND COMPUTER SCIENCE IN PARTIAL FULFILLMENT OF REQUIREMENTS FOR THE AWARD OF A DEGREE OF BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY IN THE CO-OPERATIVE UNIVERSITY OF KENYA.

Declaration

This research proposal is my inventive work, not presented for a degree in any other university.
Kelvin Githae Muriithi BITC01/0040/2018
Signature…………… Date………….

Supervisor’s Declaration
This research proposal has been presented for examination with my authorization as the University supervisor.
Signature…………………. Date……………………………..
MR PETER MUIGAI
Department of Computing And E-learning
School of Mathematics and Computer science
The Cooperative University of Kenya
Dedication

I dedicate this proposal to my family and friends for the tireless support they have always accorded me, in whatever way, throughout the period of writing the proposal. May God bless them abundantly.

Acknowledgement

I acknowledge the Almighty God for his provision and care throughout the duration of this research proposal. I also express my sincere gratitude to my supervisor, Mr. Peter Muigai, for his guidance, valuable feedback and encouragement throughout the project. Special gratitude to my family for encouragement and financial support during this period; without this, this research would have been incomplete.

Table of Contents

Declaration
Dedication
Acknowledgements
Abstract
CHAPTER ONE
INTRODUCTION
1 Introduction
1.1 Background of the Study
1.2 Statement of the Problem
1.4 Objectives of the Study
1.4.1 General Objectives
1.4.2 Specific Objectives
1.5 Research Questions
1.6 Significance of the Study
1.7 Scope of the Study
CHAPTER TWO
LITERATURE REVIEW
2.0 Introduction
2.1 Threats in wireless networks
2.1.1 Related works
2.1.2 Major security protocols in wireless local area networks
2.1.3 802.11b
2.2 802.11i
2.2.1 WPA/WPA2 wireless protected area
2.3 VPN

Lists of abbreviations and acronyms

1 PKI - Public Key Infrastructure
2 Reg - Registration number
3 WLAN - Wireless Local Area Network
4 PDA - Personal Digital Assistant
5 PC - Personal Computer
6 WEP - Wired Equivalent Privacy
7 Wi-Fi - Wireless Fidelity
8 WPS - Wi-Fi Protected Setup
9 AP - Access Point
10 BSS - Basic Service Set
11 WNIC - Wireless Network Interface Card
12 MAC - Medium Access Control
13 SSID - Service Set Identifier
14 WPA - Wi-Fi Protected Access
15 RSN - Robust Security Network Association
16 AES - Advanced Encryption Standard
17 CCMP - Counter Mode CBC MAC Protocol
18 CBC - Cipher Block Chaining
19 TKIP - Temporal Key Integrity Protocol
20 CRC - Cyclic Redundancy Code
21 VPN - Virtual Private Network
22 DoS - Denial of Service
23 IPSec - Internet Protocol Security
24 SSL - Secure Socket Layer
25 RC4 - Ron’s Code 4
26 AAA - Authenticating, Authorising and Accounting

Abstract

Wireless networks are broadcast in nature, and therefore raise security issues of their own. The security protocols intended for wired systems cannot be extrapolated to wireless systems, and intruders can exploit the loopholes of wireless communications. In this project proposal I examine the security threats to wireless systems and the protocols currently available, namely Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). WPA2 is a more secure protocol than WPA as it uses Advanced Encryption Standard (AES) encryption. WPA is vulnerable to brute force attacks, and the MIC bits could be used by an attacker to compare against decrypted content. In this paper I will therefore concentrate on the WPA security protocol.

CHAPTER ONE

1.1 INTRODUCTION

Wireless LAN technology has rapidly become very popular all over the world. The wireless local area network (WLAN) protocol, IEEE 802.11, and associated technologies enable secure access to a network infrastructure. Until the development of WLAN, the network client needed to be physically connected to the network by some kind of wiring. With the rapid increase in the use of WLAN technology, it is important to provide secure communication over wireless networks. Since its creation, the security of wireless networks has gone through different stages of development, from MAC address filtering and WEP to WPA/WPA2.

Wireless technology has proven to be very practical, and not only for home users. Such a handy option to be comfortably connected to the internet on a mobile device without the need for wires is still gaining in popularity. This led to an attempt to make the configuration of a WLAN easier for regular users without any knowledge of computer science. The result was the standard known as Wi-Fi Protected Setup (WPS). WPS, as a standardized technology, is implemented on a wide variety of currently produced wireless access points.

1.2 BACKGROUND OF THE STUDY

According to a Siemens Enterprise Communications white paper of July 2008, a number of concerns relate to security risks with WLAN, such as loss of integrity, confidentiality and network connectivity. Over the years, various flaws have been demonstrated in WEP, while research attributes the vulnerability of WLAN setups to installations that tend to be left with their default settings. Viehb, 2012 discovered a vulnerability in the WPS technology for WLAN security, owing to poor design, that enabled an efficient brute force attack and severely undermined the security of all WPS-enabled Wi-Fi routers. Since recent models of routers are WPS enabled, millions of devices were affected globally, leading to growing concerns over network security. Unethical hackers found WLAN very easy to break through, and the wireless technology made it easy to break into wired networks. War driving is performed on wireless networks to verify the strength of the signal, the encryption policy, the wireless network name and the channel used, and thus can be used either to monitor or to hack, as illustrated by Sangit 2007. It is important that enterprises identify major security weaknesses within their WLAN in order to define effective wireless security mechanisms and policies that guard against unauthorized access to important data or information, which is a great resource to the organization.

Chandra mouli, 2002 stated that the increasing demand for mobile and flexible mechanisms in our day-to-day life contributed significantly to the evolution from wired LANs to wireless LANs (WLANs). A WLAN is based on a cellular architecture where the system is divided into subsystems, each controlled by a base station known as an access point or AP. Figure 1 shows a simple model for the wireless LAN.

1.3 STATEMENT OF THE PROBLEM

Network security is sometimes more than what people have always thought it to be: malware, viruses, Trojans, hackers. Network security problems can be caused by unintentional human error, and security can be compromised by human nature as well. A common network security problem that most organizations face has to do with the company’s employees and the various errors they make. According to Dr. Michael E. Whitman, CISM, CISSP, author of the textbook “Principles of Information Security”, “Humans make mistakes; sometimes that is due to inexperience or improper training, and sometimes it is because an incorrect assumption was reached. But regardless of the reason and the lack of malicious intent something as simple as a keyboarding error has the potential to cause a worldwide Internet outage” (Whitman and Mattord 2012).

The problem of piracy is another common network problem. Piracy is a situation where intellectual property is compromised, although there are technical mechanisms that aid in enforcing copyright laws to tackle this problem. However, it is not only human error that can cause problems for network security; problems can also be caused by natural forces like fire outbreaks, earthquakes, floods, lightning, etc.

The way network administrators think about securing networks has been changed by an increasingly dynamic and technically challenging risk environment. New business models rely on open networks with multiple access points to conduct business in real time, driving down costs and improving response to revenue-generating opportunities by leveraging the ability to quickly exchange critical information, share business files or folders and improve their competitive position.

1.4 OBJECTIVE OF THE STUDY

(i) General objective

Develop a framework for securing wireless networks.

(ii) Specific objectives

- To investigate the existing wireless networks in order to identify threats and weaknesses.
- To develop a framework that will enhance wireless network security.
- To validate the wireless network security framework.

1.4 Research Questions

1. What makes the wireless network vulnerable?
2. What are some of the techniques that hackers use to intrude into a network?
3. What are the possible methodologies that will curb intrusion in the wireless network?
4. How will a control and management system help in curbing wireless network threats?

1.5 SIGNIFICANCE OF THE STUDY

Amidst many attacks, individuals and organizations need to communicate and to operate efficiently. Sensitive data may be hijacked in transit, which might compromise the integrity of the data as well as its privacy. Methods to control these attacks will help in efficient access to internet resources in a safe environment. The findings of this study will help in coming up with mechanisms that let users easily identify and detect intrusion, and with blocking mechanisms that protect the particular client as well as other network users connected to the same network.

1.6 SCOPE OF THE STUDY


Due to the development of the internet, the world has become a global village and has no jurisdiction. In today’s world almost everybody has a gadget that can connect to the internet. However, young people are the most vulnerable to this kind of attack due to their aggressiveness and the fact that they access the internet more often. The internet became even more handy when e-commerce was developed in 1979. This brought attackers on board, making them develop new methodologies to bypass security mechanisms and policies in an attempt to intercept the network through network and system vulnerabilities for malicious gain. This has ever since become a threat to wireless networks, which the developers at first thought were more secure and reliable. In the United States of America, businesses have lost millions of dollars as a result of attackers who intruded into their networks and injected ransomware, which enabled the attackers to decrypt their data and required one to pay money to access the data; it was known as the WannaCry attack.

CHAPTER TWO

LITERATURE REVIEW

2.1 Introduction

Network attacks have been discovered to be as varied as the systems that they attempt to penetrate. Attacks are known to be either intentional or unintentional, and technically competent intruders have been interested in targeting the protocols used for secure communication between networking devices (Reed 2003). This review addresses how highly sophisticated intruders are penetrating internet networks despite high levels of security. But as the intruders increase, network experts are devising many techniques for preventing attackers from accessing company networks.

2.2 THREATS AND ATTACKS IN WIRELESS NETWORKS

Wireless networks are particularly vulnerable to attacks because it is difficult to prevent physical access to them. The only advantage they have in this respect is that an attacker must be in physical proximity to the network, which can limit the pool of potential attackers. However, with an antenna, an attacker can pick up or send signals from up to a few miles away. To secure a wireless network, an administrator should know what types of vulnerabilities exist and what types of attacks can exploit them. Wireless networks are subject to both passive and active attacks. A passive attack is one in which an attacker just captures signals, which is done without raising any alarm on the network, whereas an active attack is one in which an attacker sends signals, too. Passive attacks are exceedingly easy to carry out with wireless antennae and are undetectable. Any good security mechanism must start with the assumption that an attacker can see everything.

Wireless networks have become an integral part of how we conduct our businesses. They ease many processes and help us get rid of the clutter caused by hundreds of wires, yet keeping wireless networks safe poses some challenges. Wireless technologies offer convenient solutions to our needs. They are practical and fast; moreover, they set us free of the clutter caused by wires and cables. On the other hand, it is no secret that wireless networks are more vulnerable to attacks and intruders. In this project, we will explain types of wireless network attacks and how you can protect your organization from them.

Wireless networks are one of the relatively new technologies brought to our lives by internet technologies. They are easy to use, facilitate our business processes and mobilize our businesses. On the downside, wireless networks are much more vulnerable to attacks and intruders. Commonly known as wireless network attacks, penetration and intrusion acts that target wireless networks pose serious threats. Wireless network attacks aim to capture the information sent across the network and/or interfere with the traffic of information.

PACKET SNIFFING

Networks are designed to facilitate and accelerate the traffic of information. To achieve this goal, information is sent in packets across both wired and wireless networks. Due to the nature of wireless networks, these packets are sent through the air. As a result, it is very easy to capture them.

A great deal of traffic is sent through wireless networks, such as RTP, SNMP or HTTP. The common feature of these is that they are in plain text, which means one can easily read them with the help of free tools like Wireshark. As a result, someone with malicious intentions can simply steal your passwords and similar sensitive information. Protecting a wireless network against packet sniffing requires investment in encryption solutions.

ROGUE ACCESS POINT

A rogue access point is any unauthorized access point (AP) on a network. It can be created by an attacker or even by a misinformed employee. Moreover, rogue APs make the entire network vulnerable to DoS attacks, packet captures, ARP poisoning and more. It is prudent to use network access controls and network access protocols, or to introduce authentication processes, to protect the organization.

EVIL TWINNING

One of the most popular methods employed by wireless network attackers is creating an evil twin. In other words, attackers get a wireless access point and configure it as the existing network. This way, the ‘evil’ access point cannot be distinguished from actual access points. One of the easiest ways to stop evil twins from stealing the information of your organization is opting for data encryption, so that even if an intruder successfully creates an evil twin they cannot read your data.
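The rogue access point and evil twin descriptions above can be turned into a monitoring check: compare what a wireless scan sees against an inventory of authorized APs. The following is an added example, not part of the original proposal; the inventory, the scan records, the SSID `corp-wlan`, the MAC addresses and the verdict names are all constructed for illustration.

```python
"""Classify Wi-Fi scan observations against an inventory of authorized APs."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AP:
    ssid: str
    bssid: str      # MAC address of the AP radio, lower case
    channel: int
    security: str   # e.g. "WPA2-CCMP", "WPA-TKIP", "WEP", "OPEN"


# Constructed inventory (assumption: the network team maintains this list).
INVENTORY = {
    ap.bssid: ap
    for ap in (
        AP("corp-wlan", "02:00:00:aa:00:01", 1, "WPA2-CCMP"),
        AP("corp-wlan", "02:00:00:aa:00:02", 6, "WPA2-CCMP"),
    )
}

# Constructed scan results, as a sensor or survey laptop might report them.
SCAN = [
    AP("corp-wlan", "02:00:00:aa:00:01", 1, "WPA2-CCMP"),   # legitimate AP
    AP("corp-wlan", "02:00:00:bb:00:09", 11, "WPA2-CCMP"),  # our SSID, unknown radio
    AP("corp-wlan", "02:00:00:aa:00:02", 6, "OPEN"),        # known BSSID, weaker security
    AP("corp-wlan", "02:00:00:aa:00:01", 9, "WPA2-CCMP"),   # known BSSID, second channel
    AP("cafe-guest", "02:00:00:cc:00:03", 3, "OPEN"),       # unrelated neighbour
]


def classify(obs: AP, inventory: dict) -> str:
    """Return a verdict for one observed AP."""
    known = inventory.get(obs.bssid.lower())
    protected_ssids = {ap.ssid for ap in inventory.values()}
    if known is None:
        # Someone else's radio: only a concern if it advertises our network name.
        return "evil-twin-candidate" if obs.ssid in protected_ssids else "unrelated"
    # A BSSID can be copied, so a matching MAC alone does not prove legitimacy.
    if obs.ssid != known.ssid:
        return "ssid-mismatch"
    if obs.security != known.security:
        return "security-downgrade"
    if obs.channel != known.channel:
        return "channel-mismatch"
    return "authorized"


def audit(scan, inventory):
    """List (verdict, bssid, channel, security) for every observation needing review."""
    findings = []
    for obs in scan:
        verdict = classify(obs, inventory)
        if verdict not in ("authorized", "unrelated"):
            findings.append((verdict, obs.bssid, obs.channel, obs.security))
    return findings


if __name__ == "__main__":
    for finding in audit(SCAN, INVENTORY):
        print(finding)
```

An over-the-air scan only covers APs that advertise a protected SSID or a known BSSID; a rogue AP plugged into the wired LAN under a different name has to be found from the switch side, which is where the network access controls mentioned above come in.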

2.3 RELATED STUDIES

Choi et al, 2006, suggest key steps that are critical when implementing robust WLAN security for organisations by use of enhanced security mechanisms such as visual to reassure security of information. The authors, using actual scenarios from different organizations employing a variety of secure procedures and demonstrating fully executed channels of a secure framework, propose the advantage of repeated measurement of the Wireless Local Area Network, to facilitate durable, global and secure assurance by use of a company WLAN security enhancement structure.

Vijay, 2002, takes a general overview approach to WLANs, which fails to give an in-depth study of security issues in WLAN and the possible threats and vulnerabilities. The author identifies that wireless communication is a developing field that holds many future possibilities. Such expectations indicate the importance of developing ample security as technology advances to cater for communication devices that support communication with higher data rates. Vijay agrees and further suggests that a dominant means of supporting such communication capabilities would be through the application of wireless LANs; he stresses that as the deployment of wireless LANs increases around the globe, it is increasingly important to understand the different technologies and select the most appropriate one. The author provides a detailed study of the available wireless LAN technologies and issues of security concern while evaluating and suggesting a feasible standard for the future. However, the researcher neglects to explore in detail the available frameworks that address security flaws in WLANs.

Chen et al, 2005, review wireless LAN security by focusing on the new and evolving IEEE 802.11i standard, illustrating the major security enhancements in encryption and authentication specific to this standard. In addition, the newly introduced key management in 802.11i is captured by discussing the incorporation of IEEE 802.1X as an authentication security enhancement. Similarly, the researchers delve into the specifics of both intra-subnet and inter-subnet roaming with regard to networking security. The paper thus does not address framework issues that are relevant in enhancing security with regard to WLAN.

Hamid, 2003, begins by introducing the concept of WLAN, giving brief information in the introductory section on the WLAN components and architecture. Seeking to understand security threats associated with WLAN, the study explores Denial of Service, spoofing and eavesdropping forms of network attack. The author further explores the functionality of Wired Equivalent Privacy (WEP), which is a significant standard in IEEE 802.11b/Wi-Fi encryption for wireless networking. The researcher examines weaknesses indicated for WEP and finds that the system is weaker in terms of security than anticipated, so that further study is required to develop practical solutions for more secure WLAN. He also covers the new standards to improve the security of WLAN such as the IEEE 802.1x standard, which comprises three separate sections: Point-to-Point Protocol (PPP), Extensible Authentication Protocol (EAP) and 802.1x itself. The author identifies that 802.1x is included in 802.11i, a newly proposed standard for key distribution and encryption that will play a big role in improving the overall security capabilities of current and future WLAN networks. The 802.11i standard establishes a pair of significantly improved encryption algorithms, Temporal Key Integrity Protocol and CBC-MAC Protocol, to succeed WEP and improve network security. The study provides a comprehensive list of networking products that afford users protection of their wireless networks from attacks, thus maintaining integrity. The paper therefore fails to address a framework for enhancement of WLAN security.

Park, et al, 2003, enumerate the various advantages of WLAN and the reasons for their implementation. The authors concur that although WLANs solve some problems that exist in traditional wired LANs, they also introduce new security issues. The study appreciates current and future security concerns with regard to networking and possible countermeasures, which include standards, technologies, management, policies and service environments. They suggest that the risks that WLAN services present can only be mitigated rather than completely eliminated, and that although there is no single solution for perfect WLAN security, WLAN security can be enhanced to an acceptable level by a proper combination of countermeasures.

Singh, et al, 2010, illustrate security flaws of wireless LAN by cracking the 64 bit WEP key on Wi-Fi access points using Backtrack, which is a Linux-based operating system popular among hackers. Backtrack users can attack a Wi-Fi access point by initiating the generation of packets in the cracking effort, which results in the successful generation of the WEP key. The authors give a detailed procedure of how to achieve the cracking process, thus showing the vulnerability and weakness in WLAN. They point out that owing to the broadcast nature of wireless communication, it is relatively easy for intruders to interject communication and disrupt normal operations of the network by diverting resources to serve their needs. They are equally of the opinion that security is of ultimate importance to global communication and information networks, and that data encrypted with a WEP key is also insecure. They have however failed to address the solution to this flaw or weakness.

2.5 MAJOR SECURITY PROTOCOLS FOR WIRELESS LOCAL AREA NETWORKS

802.11b:

Over the years, WLAN setups have faced enormous security threats and attacks leading to compromised networks; however, emerging technologies facilitate security and protection from most attacks. Among the steps taken towards securing WLAN from vulnerability is the addition of the 802.11b standard, which employs the Wired Equivalent Privacy (WEP) protocol, developed to ensure user-friendly encryption. WEP functions by encrypting the network's packets with an encryption key; each packet is then sent to its destination, where it is decrypted in order to retrieve its contents. Theoretically, this is an efficient way to secure data using encryption whose key is known to the originating and the target addresses; yet there exist intrinsic flaws that compromise this security to experienced hackers. These flaws lie within the WEP protocol, which generates a proportion of the encryption key as plain text, from which hackers, using reverse engineering software, extract the key to decrypt packet contents. A plausible countermeasure when using the WEP protocol is to change the encryption key frequently, so that intruders do not accumulate enough data on packets to crack the key.

Owing to the demonstrated vulnerabilities of WEP, a vast majority of organisations and firms opted for alternatives as they abandoned the implementation of 802.11b wireless LAN in their premises. Moreover, it has been demonstrated that in 802.11b the WEP protective functionality can be switched off, which justifies reluctance by most firms and companies who ensure that the function is running. However, most home users remain ignorant of the benefits of WEP and end up leaving it turned off, thus increasing the risk of security attacks. Following the lack of adequate knowledge of the benefits of the 802.11b standard and its massive abandonment by commercial institutions, the security measure can be considered a failure. Nonetheless, even as the 802.11b standard is illustrated as a failing measure, its shortcomings sparked off a campaign seeking to overhaul current wireless security and replace it with advanced technology.
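In WEP, the part of the per-packet key that travels in plain text is the 24-bit initialisation vector (IV), which is prepended to the shared secret to seed RC4 and sent unencrypted at the front of each frame. The following added example, which is not part of the original proposal, models that frame layout in simplified form (the key-ID byte is omitted) and shows why frequent key changes were the suggested countermeasure: the IV space is small, so IVs repeat quickly under one key. The secret, IVs and payloads are constructed sample values.

```python
"""Simplified WEP frame model: cleartext IV, RC4 keystream, CRC-32 ICV."""
import math
import zlib
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV (in clear) followed by RC4(IV || secret) applied to payload || ICV."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))


def wep_open(secret: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify its CRC-32 integrity check value."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload


def reused_ivs(frames) -> set:
    """IVs seen more than once. Frames sharing an IV share a keystream, so the
    XOR of their ciphertexts equals the XOR of their plaintexts."""
    counts = Counter(frame[:3] for frame in frames)
    return {iv for iv, n in counts.items() if n > 1}


def frames_until_iv_repeat(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday approximation: frames with random IVs before a repeat is this likely."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


SECRET = bytes.fromhex("0102030405")  # constructed 40-bit secret ("64 bit" WEP)
FRAMES = [                            # constructed traffic under one key
    wep_seal(SECRET, b"\x00\x00\x01", b"GET /index.html"),
    wep_seal(SECRET, b"\x00\x00\x02", b"user=alice"),
    wep_seal(SECRET, b"\x00\x00\x01", b"POST /login.php"),
]

if __name__ == "__main__":
    print("cleartext IV of first frame:", FRAMES[0][:3].hex())
    print("IVs reused under this key:", [iv.hex() for iv in reused_ivs(FRAMES)])
    print("frames for a 50% chance of IV repeat:", frames_until_iv_repeat())
```

With random IVs a repeat becomes likely after only a few thousand frames, far less than a busy access point sends between manual key changes, which is why key rotation only slows the problem down and why 802.11i replaced the scheme.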

802.11i:

802.11i was developed as a result of the 802.11b WEP security failure. 802.11i brings more protection by making use of secure keys and encryption. According to Dulaney et al, 2004, the 802.11i security standard was approved by the IEEE for incorporation into WLAN setups. The 802.11i standard employs a dual-layered security protocol, namely the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and the Temporal Key Integrity Protocol (TKIP).

CCMP is the primary method employed in the protection of wireless packets in the 802.11i standard, and it confers significant benefits that address the shortcomings experienced with WEP in the 802.11b standard. The CCMP protocol is designed to be always active, thus enabling security features even if the user does not know how to configure them manually. CCMP adopted a differentiated version of the Advanced Encryption Standard (AES) encryption algorithm, which provides robust security: packets are encrypted using a 128-bit key to offer a nearly impenetrable system. Despite encrypting the message data, the origin, target as well as other interactions remain encrypted. Another crucial feature of CCMP concerns the encryption key, which does not need to be included in the packet, thus eliminating the risk of interception. Among the drawbacks of WEP was the inclusion of portions of the encryption key in the packets, so that the transmission of large volumes of packets increased the chances of cracking the key. With the 802.11i standard, CCMP preserves the integrity of wireless networks by securing them against a majority of common networking threats, and thus ensures an efficient security mechanism. However, the sole indicated setback lies with infrastructure requirements: CCMP, being new technology, demands high-end hardware and software, which is a necessary step to ensure security protection in wireless networks.

Another important encryption method within the 802.11i standard is TKIP, which serves as a wrapper around the old WEP protocol to seal off previous limitations. Contrary to the infrastructural demands of the CCMP protocol, TKIP is readily compatible with old hardware and software that satisfy WEP requirements, thus curtailing additional costs during implementation. TKIP and CCMP work in a similar manner, except that TKIP makes use of a number of keys for the purpose of encrypting the data packets. It also helps in and the addition of encryption keys in the packet. This mechanism makes use of a 64-bit encryption key whereby each packet is encrypted prior to packet transmission. The encryption process involves encrypting the header and data for every packet, and due to the change of keys with each packet, it’s important to have these keys to the packet. In addition to the 64-bit encryption key, a 128-bit encryption key is employed to enhance the security and integrity of the whole packet.

WPA/WPA2; WI-FI PROTECTED ACCESS (WPA & WPA2)

While the 802.11i standard was conceived to resolve the issues demonstrated in WEP and expedite the
implementation of an adequate WLAN security scheme for the enterprise market, the approval process took
time. As such, the Wi-Fi Alliance established WPA, which is based on a subset of the 802.11i draft in
2002, as a temporary remedy to ensure vendor interoperability. While still utilizing RC4 encryption, TKIP
applies a temporal encryption key that is regularly renewed in order to discourage efforts made towards
stealing the encryption key before deciphering a sizeable amount of information. Furthermore, the integrity
of data is largely improved by the use of a sturdier mechanism, the Michael Message Integrity Check
(MMIC). WPA did a great deal to address the concerns associated with WLAN security, and can be hailed as
an important step in increasing acceptance of WLAN as an enterprise-ready technology. Nevertheless,
concern has been expressed about the use of the RC4 encryption algorithm in TKIP, as opposed to the use of
temporal keys, which are considered to offer relatively superior security solutions. For this reason, most
institutions viewed WPA as a provisional measure intended to bridge the gap between WEP and the
soon-to-be-ratified 802.11i standard and thus opted to hold off on their deployments. The year 2004 ushered in
WPA2 after the Wi-Fi Alliance upgraded the WPA standard by replacing the RC4 encryption algorithm with
AES (Advanced Encryption Standard).

VPN;

Tyson (2001) defines a Virtual Private Network as an isolated network that utilises open networks to remotely
connect users or sites together. VPNs have a wide array of security attributes that facilitate user connectivity
to different networks while preserving the integrity. According to Tyson (2001), a VPN is made up of four
parts that guard its security: a firewall, encryption, IPSec, and AAA servers. A VPN’s
firewall acts exactly like any other firewall: it blocks traffic and only allows certain ports whose packets have been
filtered and deemed malicious-free through a designed mechanism. A firewall is an important unit in the
VPN as it ensures viruses and Trojans do not jeopardise the server. There exists no defined encryption
mechanism in a VPN setup; nonetheless, three key approaches have been implemented. The first is
Symmetric Key Encryption, whereby every connected device is allocated a unique key that affords each
the capacity to decrypt packets as they are received. Notably, the symmetric keys used on each device are
identical and thus require frequent reassessment to deter efforts made by intruders to compromise the
network.
The second is Public Key Encryption, which operates with both communal and personal keys to enhance
network security. The private key (which only the sender knows) is applied by the sender to encrypt data packets,
while the public key is employed by the receiver to decipher the packets using the source's public key. Public
key encryption is identical to symmetric key encryption, the only difference being that two divergent keys are applied as
opposed to one. For the purposes of a successful connection, every user should obtain an access key, which
guarantees controlled connectivity. The third way of encryption is the use of Pretty Good Privacy (PGP), which
relies on a generated session key to promote and secure protection. Session keys are generated per session
for each user, and are renewed in every session or for each user seeking to connect. The PGP system then
transforms into a public key system as it encrypts the packet and assigns session keys to available public
keys. The newly encrypted packets and keys are then sent to the destination device, where private keys are
applied to decrypt the information. While these are the most common techniques, there are no limitations
governing the encryption systems within a VPN, hence the lack of a defined encryption standard in the setup.
Internet Protocol Security (IPSec) provides alternative security to VPN setups by enhancing privacy
protection through message encryption. Two methods are used in IPSec. The first (tunnel) involves
encrypting the whole packet, including the header. The second method is transport, whose only role is to
encrypt the data section of the packets and not the header. These methods demand that the user and the
access point have the same key in order to decrypt the message as it arrives. Last is the use of an
Authenticating, Authorising, and Accounting (AAA) server, in which connection requests are passed on to a
proxy server where the user is identified and authenticated according to the scope of what he/she is allowed
to do, measured against what he/she is actually doing (Tyson, 2001). This system has extra security because it monitors
what the user is doing. Through monitoring efforts, the system establishes a pattern and defines the
likelihood of a security breach based on user activities. Although the VPN setup does not compare
competitively in terms of security with the 802.11i standard, it facilitates flexibility within an institution.
