Introduction 

Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues.  

The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Crackers had not yet had time to latch on to the new technology and wireless was not commonly found in the work place. However, there are a great number of security risks associated with the current wireless protocols and encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level. Cracking methods have become much more sophisticated and innovative with wireless. Cracking has also become much easier and more accessible with easy-to-use Windows or Linux-based tools being made available freely on the web.

DoT (Department of Telecom, India) already has ordered ISP (Internet Service Providers) to ensure that details of customers using Wi-Fi should be maintained in a centralized server to prevent unauthorized persons from accessing the internet in a hotspot.

The move follows recent incident of terrorists sending emails using Wi-Fi hotspot of an American citizen staying in New Mumbai. Consumers who do not register themselves will get disconnected by their ISPs.

DoT has issued detailed guidelines for ISPs to enable secure use of Wi-Fi services under the de-licensed frequency band. “Insecure Wi-Fi networks are capable of being misused by anti-social elements without leaving any trail. Therefore, DoT has instructed ISPs to follow a procedure for securing Wi-Fi networks in the country,” said a DoT official.

At the hotspot location once the guidelines are implemented then consumers will not be able to simply walk into hotel lobbies, restaurants, coffee shops or airport malls and start accessing the Internet using the Wi-Fi hotspot in that location. DoT has asked ISPs to enable such access by issuing bulk login IDs and passwords at each hotspot. Consumers will have to give ID proof for getting a temporary password and login ID before they can start surfing.

For regular customers visiting these locations, DoT has allowed ISPs to issue password and login ID on the subscriber’s mobile phone, which can be used for a period of one year. DoT has, however, barred service providers from allowing simultaneous multiple login using a single password.

No new Wi-Fi connections, corporate or individual, will be activated before the subscriber’s details are registered by the ISP. Even those customers who currently use Wi-Fi modems for limited mobility within their home, office or campus will have to get themselves registered.

Radius Server Authentication

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards.

Because of the broad support and the ubiquitous nature of the RADIUS protocol it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.

RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions:

• to authenticate users or devices before granting them access to a network,
• to authorize those users or devices for certain network services and
• to account for usage of those services.

AAA

AAA commonly stands for “authentication, authorization and accounting”. This is a misnomer, and should have been “authentication, access control and accounting”. See below and the Wikipedia article on authorization for an explanation. The AAA is sometimes combined with auditing and accordingly becomes AAAA.

Authentication

Authentication refers to the process where one entity verifies another entity's claim to holding a specific digital identity. Commonly one entity is a client (a user, a client computer, etc.) and the other entity is a server (computer). Authentication is accomplished via the claimant's presentation of an identifier and its corresponding credentials to the verifier. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

Authorization

This is a misnomer, and should have been Access Control. "To authorize" means "to specify access policy" which is also an important security function, but which is not explicitly part of AAA. The function that the middle "A" in AAA actually refers to is "access control", i.e. the granting or refusing of privileges to an entity for accessing specific services.[citation needed] When reading AAA literature, "authorization" must be interpreted as "access control". The access control function uses the access policy specified for an entity to determine whether an access requests from the entity shall be granted or rejected. Access control may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same entity or user. Access privileges normally enables an entity to use a specific service. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, Quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

Accounting

Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.