Wireless Local Area Networks (WLANs) are gaining popularity because they are fast, cost-effective, flexible and easy to use. They do, however, face some serious security challenges, and the choice of security protocol is a critical issue for IT administrators.
The goal of this paper is to make the non-specialist reader aware of the disadvantages and threats of the wireless security protocols. The WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) security protocols are examined in this respect. They are then compared on their common features in order to give some insight to those who work with WLANs. We hope this paper gives a boost to IT security staff and clarifies the common questions of the non-specialist reader.
This paper is a compilation of the wireless security weaknesses and countermeasures that have been put forward to date. We believe that a thorough understanding of this paper gives the non-specialist reader a complete review of wireless security and the vulnerabilities associated with it.
Wireless technology releases us from copper wires. A user can have a notebook computer, PDA, Pocket PC, Tablet PC, or just a cell phone and stay online anywhere a wireless signal is available. The basic theory behind wireless technology is that signals can be carried by electromagnetic waves that are then transmitted to a signal receiver. But to make two wireless devices understand each other, we need protocols for communication.
In this chapter we will first take a look at what Windows XP Professional has promised to bring to you in wireless technology. Then we will discuss the current security problems with wireless networks and your options for dealing with them. Last, we will present two methods that you can use to secure your wireless networks.
You will see two concepts heavily reinforced: authentication and encryption. These concepts will be the glue for our two recommended methods of secure wireless networking. If you just cannot wait, the first method is a solution using an IPSec VPN located on (or behind) a dedicated firewall that separates the wireless network from an intranet. The other method uses a combination of 802.1X authentication with a back-end Internet Authentication Server and dynamic WEP keys for encryption. Both methods use strong authentication, which can be based on client certificates. For a clearer understanding, read on.
It is easier to understand wireless technologies by categorizing them into three layers, as shown below. The three layers are device, physical, and application and service (protocol).
Current Security Problems in Wireless
The most mature wireless network technology today is 802.11b, which is what we will focus on. Let's briefly go over the IEEE 802.11b standard.
IEEE 802.11b makes use of the 2.4 GHz ISM band and provides speeds from 1 Mbps up to 11 Mbps, with a range of about 1500 feet. (Although in reality, you are hard-pressed to get this range out of products on the market today.) This standard uses Direct Sequence Spread Spectrum (DSSS) to encode data before transferring it. IEEE 802.11, 802.11a, 802.11b, and 802.11g use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) as the protocol in the data link layer.
There are two names you need to know in a wireless network:
Station (STA)
Access point (AP)
An STA is a wireless network client (a desktop computer, laptop, or PDA). The AP is the central point (like a hub) that creates a basic service set to bridge a number of STAs from the wireless network to other existing networks.
There are two different modes of wireless networking:
Ad hoc mode, or independent basic service set (IBSS)
Infrastructure mode or basic service set (BSS)
Ad hoc and infrastructure modes are illustrated in the network blueprints. The ad hoc mode is equivalent to peer-to-peer networking. That means an ad hoc wireless network does not have an AP to bridge the STAs together. Every STA in an ad hoc wireless network can communicate with any other STA in the same network directly.
The infrastructure mode will have at least one AP to form a BSS. If there are multiple APs, they will form an extended service set (ESS). All traffic from or to an STA will go through the AP first. The AP in turn could be connected directly to another network, such as your wired intranet. In such a case, we recommend placing a firewall between them, as we describe in more detail later.
Almost every protocol set has some mechanism to protect the data, and the same is true for IEEE 802.11b. An encryption mechanism called Wired Equivalent Privacy (WEP) protects the data as it travels through the airwaves.
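The two modes and the protection a network advertises are both visible in the beacon frames that APs and ad hoc stations broadcast, so a defender can inventory them passively. The following is an added example, not part of the original essay: it parses a raw beacon and reports the mode (ESS or IBSS capability bit) and whether the Privacy bit stands alone, which indicates WEP, or is accompanied by a WPA or RSN element. The function names and sample frames are constructed for illustration, and frames are assumed to start at the 24-byte MAC header with no radiotap header or FCS.

```python
import struct

# Capability Information bits in the beacon's fixed fields (IEEE 802.11).
CAP_ESS, CAP_IBSS, CAP_PRIVACY = 0x0001, 0x0002, 0x0010
WPA_PREFIX = bytes.fromhex("0050f201")  # vendor-specific element carrying WPA

def parse_beacon(frame: bytes) -> dict:
    """Parse one raw beacon (24-byte MAC header first, no radiotap, no FCS)."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    if ((frame[0] >> 2) & 0x3) != 0 or (frame[0] >> 4) != 8:
        raise ValueError("not a management/beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # Address 3
    (cap,) = struct.unpack_from("<H", frame, 34)  # after timestamp + interval
    ssid, rsn, wpa, pos = "", False, False, 36
    while pos + 2 <= len(frame):  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop parsing
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
        elif tag == 48:
            rsn = True  # RSN element
        elif tag == 221 and value[:4] == WPA_PREFIX:
            wpa = True
        pos += 2 + length
    mode = "infrastructure" if cap & CAP_ESS else "ad hoc" if cap & CAP_IBSS else "unknown"
    if not cap & CAP_PRIVACY:
        protection = "none"
    else:  # Privacy bit with no WPA/RSN element means WEP
        protection = "RSN" if rsn else "WPA" if wpa else "WEP"
    return {"bssid": bssid, "ssid": ssid, "mode": mode, "protection": protection}

def build_beacon(bssid: bytes, ssid: bytes, cap: int, extra: bytes = b"") -> bytes:
    """Construct a sample beacon for the demo (constructed data, not a capture)."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, cap)
    return header + fixed + bytes([0, len(ssid)]) + ssid + extra

SAMPLES = [  # constructed: WEP infrastructure, open ad hoc, RSN infrastructure
    build_beacon(bytes.fromhex("020000000001"), b"office", CAP_ESS | CAP_PRIVACY),
    build_beacon(bytes.fromhex("020000000002"), b"peer", CAP_IBSS),
    build_beacon(bytes.fromhex("020000000003"), b"lab", CAP_ESS | CAP_PRIVACY, b"\x30\x02\x01\x00"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_beacon(sample))
```

Networks reported as ad hoc, unprotected, or WEP are the ones to review first in an audit.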