Making Wi-Fi Hotspots More Secure: Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

So, the goal for the future is to make Wi-Fi Hotspots more secure and to build an infrastructure that everyone can use easily, everywhere. The future belongs to Hotspot networks, and for this reason manufacturers are looking for new ideas and applications in order to provide more services to wireless users. On the security side, manufacturers have started to incorporate the NAC (Network Access Control) protocol into their Wi-Fi Hotspot networks. NAC is a protocol that tries to control the access of an endpoint to a wireless or wired network. It secures the network by unifying the security applications of the endpoint device (antivirus, operating system, and so on). NAC was developed by Cisco, and many organizations now use it in their network infrastructure. With this protocol, authentication, validation and authorization of both the user and the device are achieved. The solution combines a set of protocols to implement a method that secures the network from unknown customers and devices that might try to connect to the network illegally and might constitute a threat. The network infrastructure can therefore operate securely with its own authorized users.

NAC is necessary when a device tries to connect to the network (Hotspot) and does not meet the policies that the administrator has set on the network. These policies (which work more like a search) may concern the antivirus protection (out of date), the operating system's updates, the security patches and the firewall. These settings can also define the role of each user in the network, in large groups (like a VPN), in order to prevent anonymous users from accessing vital information transmitted via the Hotspot. A pre-installed software agent checks whether the specific device is secured and authorized, and after this procedure the device is able to connect to the network and to the other devices on it.

NAC offers a fine-grained way to isolate and prevent attacks. It provides a full analysis of the threat, and also the option to quarantine the device in order to deny it access to the wireless network. Devices that are unauthorized and out of date can be moved into quarantine. In this state the user can only visit the web sites and applications that give him the opportunity to update his firewall or operating system, in order to meet the network's requirements. This solution might be extremely efficient for public networks and Hotspots. The quarantine lasts 60 minutes, and in this time the user has to resolve every security issue on his device, for instance by visiting specific devices for the operating system update. If this time period expires, all network traffic for the device is blocked. NAC is not only for protection: it can also handle the legitimate customers of the Hotspot, which gives big enterprises the opportunity to have their employees online everywhere and at any time, something that could increase business productivity.
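One way to express the posture check and the 60-minute quarantine described above, as an added example that is not part of the original essay or of any NAC product. The class names, policy thresholds and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

QUARANTINE_WINDOW = timedelta(minutes=60)    # duration stated in the essay

@dataclass
class Posture:                               # what the pre-installed agent reports
    av_signature_date: datetime
    os_patch_level: int
    firewall_enabled: bool

@dataclass
class Policy:                                # hypothetical administrator settings
    max_av_age: timedelta
    min_os_patch_level: int
    require_firewall: bool = True

def failed_checks(posture, policy, now):
    """List every policy requirement the device does not meet."""
    failures = []
    if now - posture.av_signature_date > policy.max_av_age:
        failures.append("antivirus signatures out of date")
    if posture.os_patch_level < policy.min_os_patch_level:
        failures.append("operating system patches missing")
    if policy.require_firewall and not posture.firewall_enabled:
        failures.append("firewall disabled")
    return failures

def decide(posture, policy, now, quarantined_since=None):
    """Return (decision, failures, quarantined_since) for one admission check."""
    failures = failed_checks(posture, policy, now)
    if not failures:
        return "ALLOW", [], None             # compliant: quarantine is lifted
    if quarantined_since is None:
        return "QUARANTINE", failures, now   # first failure starts the clock
    if now - quarantined_since <= QUARANTINE_WINDOW:
        return "QUARANTINE", failures, quarantined_since
    return "BLOCK", failures, quarantined_since   # window expired, still failing

if __name__ == "__main__":
    policy = Policy(max_av_age=timedelta(days=7), min_os_patch_level=12)
    now = datetime(2011, 3, 4, 9, 0)         # constructed sample time
    device = Posture(now - timedelta(days=30), 12, True)
    print(decide(device, policy, now))
```

The caller keeps `quarantined_since` per device and passes it back on each re-check, so a device that remediates inside the window is admitted and one that does not is blocked.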

It will be very useful for the manager of a paid Wi-Fi Hotspot who wants to validate every client that wants access. The owner of the Hotspot can configure the settings he prefers (such as groups of users, coverage, and authentication types for high protection), and any device that does not follow these settings cannot have access to the network. The NAC protocol checks the device for recent antivirus and operating system updates; if these updates have not been done, NAC denies access to the wireless network. In other words, NAC manages access to the network by scanning the user's device that tries to attach to the Hotspot, and by verifying its authorization and authentication.

Security is a very serious issue for a company. All businesses want high protection from external (and in some cases internal) attacks. They have to improve the security, reliability and availability of their Hotspot. NAC is the proper protocol to achieve this. With NAC a Hotspot can manage, service or even prevent:

known customers with known and validated devices

known customers with unknown and unvalidated devices

unknown customers with unknown and unvalidated devices

external threats from attackers

guest users with unmanaged devices, in a hotel for instance.

This matters especially now that the number of wireless and other IP-enabled devices using Hotspots and all other wireless networks has increased. New devices and endpoints move around and need connections to wireless networks, so the NAC protocol is necessary for Wi-Fi Hotspots. For this reason, NAC in upcoming Hotspots could provide a list of the authorized devices in the network, their location and the identity of their users.

Fratto, M., Tutorial: Network Access Control (NAC), Network Computing For IT By IT, [online], (Last update on 17 July 2007), Available at: "" [Accessed 4 March 2011]

Security Server

An alternative method is to use a security server in every Hotspot, and of course in wired networks. The security server operates inside a network and protects it from external attacks. In future Hotspots its use will be necessary. It provides all the technology needed for authorization, authentication, accounting (AAA), encryption, traffic reporting and management of the network. Every network has different methods for identifying its users, and as a result only authorized users are able to gain access. Every user also has specific privileges in the network, so depending on their identity they can use more or fewer resources (services, devices, bandwidth, access to files, etc.). This solution supports the mobility of wireless devices such as tablets and smartphones, giving them secure and fast access to a Hotspot network, especially with the strong encryption methods (the SSL or SSH protocol) that the server adopts for its communication with the network's endpoints. Consequently, access by every unauthorized and unknown device can be prevented.

Security servers attract many attackers because they manage vital information, services and private accounts (passwords, profiles, etc.), so their own security must be extremely strong. All this information has to be protected from unauthorized users who want to copy or read it via the public network. After the user logs in, a window informs him of the websites and applications he is able to visit or use, based on his privileges (particular access restrictions) on the Hotspot. A security server manages a database that records the privileges corresponding to each authorized user (the accessible services and applications). As mentioned before, a security server can support accounting, which is very important for a paid Hotspot, in combination with the high security it provides to its customers. It offers very secure access management for Hotspots and wired networks, with great flexibility in the users and services it provides.

Scarfone, K., Jansen, W. and Tracy, M., 2008, Guide to General Server Security. (SIGN NIST Special Publication 800-123) [online] U.S. Department of Commerce - National Institute of Standards and Technology, Available through: "" [Accessed 4 March 2011]


Finally, there is one more future solution, which could be very useful for Hotspot customers and administrators. This solution offers better security, authorization and authentication methods, and also the best access control for endpoint devices such as smartphones, routers, etc. It first appeared under the name TACACS (Terminal Access Controller Access-Control System); the latest release of this authentication protocol is named TACACS+. The first distribution of TACACS was made by Cisco. All new Hotspots that want to provide high-quality services to their customers will be using this protocol. The RADIUS protocol replaced the first distributions of TACACS, but the latest version is ideal for the growing future Hotspot security market (Cisco research).

TACACS+ is better than the RADIUS protocol. It operates over the Transmission Control Protocol (TCP) [using port 49], which is more reliable and flexible than UDP, which is used by the RADIUS protocol. Another important point is that TACACS+ separates authorization from authentication, unlike the RADIUS protocol, which combines them as one. By separating these two operations, the Hotspot manages its customers better and prevents attacks on its infrastructure. Of course, it also provides accounting services, with detailed information about every customer. Additionally, with the authentication and authorization procedures (AAA), the manager can check the actions of every user (for security purposes) and manage the services that correspond to him, based on his identity and privileges. Moreover, TACACS+ encrypts the entire body of every transmitted packet. The RADIUS protocol, on the other hand, encrypts only the password in the packet sent when a user requests access to the network (Zadjmool, 2007). All the other content of the packet remains unencrypted. As a result, the authorization, authentication and accounting (AAA) information is at risk, because it can be captured. So TACACS+ protects its information and packets better than the RADIUS protocol.
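The difference in what each protocol hides can be checked directly. The following added example (not from the essay or from Cisco) builds a RADIUS Access-Request with the password hiding of RFC 2865 section 5.2 and a TACACS+ PAP authentication START packet with the body obfuscation of RFC 8907 section 4.5, then reports which fields are still readable. The user name, password, shared secret, authenticator and session id are constructed sample values.

```python
import hashlib
import struct

def radius_hide_password(password, secret, authenticator):
    """RFC 2865 5.2: only the User-Password attribute value is hidden."""
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def radius_access_request(user, password, secret, authenticator):
    hidden = radius_hide_password(password, secret, authenticator)
    # Attribute 1 = User-Name (sent in clear), attribute 2 = User-Password
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    header = struct.pack("!BBH", 1, 0, 20 + len(attrs))   # code 1 = Access-Request
    return header + authenticator + attrs

def tacacs_obfuscate(body, key, session_id, version, seq_no):
    """RFC 8907 4.5: XOR the whole body with an MD5 pseudo-pad (self-inverse)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(a ^ b for a, b in zip(body, pad))

def tacacs_authen_start(user, password, key, session_id, version=0xC1, seq_no=1):
    # START body: action=login, priv_lvl=1, authen_type=PAP, service=login,
    # then the four length bytes (user, port, rem_addr, data) and the fields.
    body = struct.pack("!8B", 1, 1, 2, 1, len(user), 0, 0, len(password)) + user + password
    # The 12-byte header (version, type, seq_no, flags, session_id, length) is clear.
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, key, session_id, version, seq_no)

def visible_on_wire(user=b"alice", password=b"constructed-pw", secret=b"shared-secret"):
    """Report which constructed sample fields appear as plaintext in each packet."""
    # Fixed authenticator and session id keep the demo repeatable; real ones are random.
    radius = radius_access_request(user, password, secret, bytes(range(16)))
    tacacs = tacacs_authen_start(user, password, secret, session_id=0x1234ABCD)
    return {"radius_user": user in radius, "radius_password": password in radius,
            "tacacs_user": user in tacacs, "tacacs_password": password in tacacs}

if __name__ == "__main__":
    print(visible_on_wire())
```

RFC 8907 describes the TACACS+ mechanism as obfuscation rather than encryption, and the 12-byte header, including the session id and body length, stays readable to anyone capturing the traffic.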

From the traffic between the customer and the TACACS+ server we can see the large number of checks that take place in order to complete the authorization, authentication and accounting (AAA) of the user who wants to connect to the Hotspot network. This is the reason TACACS+ provides extremely high security. In the future we will use the TACACS+ protocol in every public (or private) network, especially on Hotspots whose providers and owners (big or medium businesses) will need its authentication and accounting services, as well as the flexibility and management it offers, in order to serve hundreds of users.

Figure 6-1: The traffic between the customer and a TACACS+ server



Solar Designer, An Analysis of TACACS+ Protocol Security, Openwall Project, [online], (Last update on 6 June 2010), Available at: "" [Accessed 4 March 2011]

Cisco Corporation, TACACS+ and RADIUS Comparison, [pdf], Cisco, Document ID: 13838, Available through: "" [ Accessed 4 March 2011]

Zadjmool, R., RADIUS VS TACACS+, Tevora Business Solutions, [online], (Last update on 26 August 2007), Available at: "" [Accessed 4 March 2011]