Employees want to be mobile, having the ability to move from their desks to meetings and back again. How do you ensure that the data they are accessing follows the rules for CIA? In a 500- to 750-word essay, develop a plan for securing an enterprise-level wireless network, such as the private WGCUSECURE WiFi Network used here on campus. Make sure to address the following: Which wireless security options would you deploy, preventing typical wireless attack vectors? Should you use a layered security approach? Why? Describe the strategy for your design. Include a network diagram. Use Microsoft Visio or online network diagramming tools, as identified in the required readings, to visualize your design.
Having access to data or the internet wirelessly is usually referred to as WiFi. WiFi allows us to access the internet from any place without being physically connected via a wire. With all these benefits come some problems with security.
Since the connection should be secure at the CIA level, there are a few methods that can be implemented so that the network is secured and intruders won't bypass the security and access the data.
Hiding the SSID: The first thing that can be done is to hide the SSID of the network so that only those who know the name of the network can try connecting to it; otherwise they will be deprived of access to the office network.
Strong WiFi password: Using WPA2 or WPA3 along with AES makes it impossible for the intruder to crack the password using a brute-force attack or dictionary attack.
Another feature that can be added is a timeout system after a certain number of failures. For example, take a scenario where someone tries a brute-force attack: making a policy so that after a certain number of failures that MAC address is blacklisted can add another level of security.
The most common hardware-level security method is a MAC filter. Imagine that there are multiple devices that want to connect to the network and only one has to be given access. What we do is add a MAC filter on the network so that, despite having the network password, the intruder won't be able to access the network. Another benefit of having the MAC filter is that only approved devices will be able to gain access to the network.
Another method is assigning static IP addresses to the wireless devices connected to the network, so that any computer other than the office employees' won't be able to connect to the network at any cost. Using only a fixed number of IP addresses, equal to the number of devices, will add another layer of security. Usually the router gives us a range of IP addresses, so instead of using the complete range we will be using only as many IP addresses as there are devices.
Another method is disabling WPS and UPnP. WPS stands for wireless protected system. If your router has a WPS button, then you can easily gain access to the router just by pressing the WPS button on the router and on the wireless device at once. What happens here is that, instead of connecting using the password, the router gives permission to access using a PIN, which will act as the password for the device. Disabling this will prevent the intruder from gaining access if he/she has physical access to the router for any length of time.
Then there is UPnP, which stands for Universal Plug and Play. Disabling this adds a layer of security to the network.
Despite having all these security measures in the network, if the intruder has physical access to the router then the game will be over. So we will be using access points instead of routers, so that even if he gets his hands on the access point he won't be able to gain access or change anything in the network.
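The checklist in the answer above (hidden SSID, WPA2/WPA3 with AES, WPS disabled, MAC filter) can be checked mechanically against an access point's configuration. This is an added example, not part of the original answer: it assumes the access point runs hostapd, and both configurations, the SSID and the accept-list path are constructed for illustration. UPnP and the static IP range are router and DHCP settings, so they are outside what it checks.

```python
# Added example: audit a hostapd-style AP config against the answer's checklist.
SAMPLE_CONF = """\
# constructed sample, not taken from any real deployment
ssid=EXAMPLE-CORP
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP TKIP
wps_state=2
macaddr_acl=0
"""
HARDENED_CONF = """\
# constructed sample; the accept-list path is a placeholder
ssid=EXAMPLE-CORP
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
wps_state=0
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.list
"""

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast (ignore_broadcast_ssid=0)")
    wpa = int(conf.get("wpa", "0"))  # bitfield: bit 0 = WPA, bit 1 = WPA2/RSN
    if wpa != 2:
        findings.append("wpa=%d: open network or legacy WPA allowed" % wpa)
    ciphers = set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    if "CCMP" not in ciphers or "TKIP" in ciphers:
        findings.append("pairwise ciphers are not AES-only (CCMP)")
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS is enabled (wps_state != 0)")
    if conf.get("macaddr_acl", "0") == "0":
        findings.append("no MAC accept list enforced (macaddr_acl=0)")
    return findings

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)) or "all checks passed")
```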