Increasing security in my Wireless network

 


Concerned about the security of my wireless network, I spent a few days thinking of a way to increase the protection without imposing the complexity of MFA and 802.1X on the members of my home. We need to be realistic: in an office, we are forced to use very secure protocols and very long passwords, and that is impossible to replicate in our homes.

In my own experience, a few months ago, I tried to introduce a new configuration to my wireless network with authentication based on AAA, which wasn't perfect. My wife spent 15 minutes trying to access the network because she didn't know how complex network configuration works. My neighbour asked me: did you change the WiFi password? (LOL).


After that, I thought of a new way to make my wireless network more secure without those complaints, and a new idea came to mind: DVLAN (dynamic VLAN assignment) + MAC Auth. With these two features, I can increase the granularity and security of my network while requiring minimal knowledge from my family. MAC Auth forces me to know and approve the devices connected to my network, and with DVLAN I can create different Internet profiles based on the VLAN assigned to each device.


This is just one test on the long road to finding the perfect configuration for my wireless network.


In daloRADIUS, I made two profiles, one for home members and one for IoT devices, each with a VLAN assignment.







Creating the users was very simple: just use MAC Address Authentication in place of User Authentication. After that, I added the MAC addresses of my devices and selected the correct group profile for each one.
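What the two profiles and the MAC-based users amount to on the RADIUS side, as an added example that is not from the original post or from daloRADIUS itself: a simplified SQLite model of FreeRADIUS's `radusergroup` and `radgroupreply` tables and the lookup a MAC auth request goes through. The group names, the MAC addresses, the group-to-VLAN mapping and the 12-hex-digit username format are assumptions made for the example.

```python
import re
import sqlite3

# Simplified model of two FreeRADIUS SQL tables (the real schema has more
# columns). Group names, MACs and the username format are constructed here.
SCHEMA = """
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
"""

def vlan_profile(group, vlan_id):
    # RFC 3580 reply attributes that tell the access point which VLAN to use.
    return [(group, "Tunnel-Type", ":=", "VLAN"),
            (group, "Tunnel-Medium-Type", ":=", "IEEE-802"),
            (group, "Tunnel-Private-Group-Id", ":=", str(vlan_id))]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO radgroupreply VALUES (?,?,?,?)",
                   vlan_profile("home-members", 10) + vlan_profile("iot", 20))
    db.executemany("INSERT INTO radusergroup VALUES (?,?,1)",
                   [("020000aabb01", "home-members"), ("020000aabb02", "iot")])
    return db

def normalize_mac(value):
    # Access points send the MAC as aa:bb:.., AA-BB-.. or aabb.ccdd.eeff.
    # Reduce it to 12 lowercase hex digits so it matches the stored username;
    # a format mismatch here makes a registered device look unknown.
    digits = re.sub(r"[:.\-]", "", value.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % value)
    return digits

def authorize(db, calling_station_id):
    """Return ("Access-Accept", attrs) for a registered MAC, else a reject."""
    try:
        mac = normalize_mac(calling_station_id)
    except ValueError:
        return ("Access-Reject", {})
    rows = db.execute(
        "SELECT r.attribute, r.value FROM radusergroup u "
        "JOIN radgroupreply r ON r.groupname = u.groupname "
        "WHERE u.username = ? ORDER BY u.priority", (mac,)).fetchall()
    if not rows:  # device was never approved: default deny
        return ("Access-Reject", {})
    return ("Access-Accept", dict(rows))

if __name__ == "__main__":
    for csid in ("02-00-00-AA-BB-01", "0200.00aa.bb02", "02:00:00:aa:bb:99"):
        print(csid, authorize(build_db(), csid))
```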



The configuration of the WLAN is very simple; just be careful to set the authentication method to MAC and the encryption to WPA2/3 to increase the security of the network.




After that, the only step left is adding the daloRADIUS server where we configured the users.


The results are beautiful: the WLAN working on VLAN 1, the iOS machine on VLAN 10, and the Ubuntu machine on VLAN 20, with the MAC auth validated on the FreeRADIUS server.



In summary, in the search for security for our networks, we forget the human factor and the balance between security and ease of use. However, we need to stop seeing our home network as just a simple family network, because the security risks previously confined to the corporate network were extended to our own homes when we accepted the home office as an alternative to working in a cubicle.

In the next entry, I will share the results of an attack on this wireless network compared with a traditional network without MAC Auth.




