The basic idea behind using wireless internet connections is to increase ease of access. Whether you are connected wirelessly in the workplace or in a Wi-Fi-broadcasting eatery, some of the basics of WLAN are the same. The facts that your traffic is floating around in the open air and that the network you're connected to is available to anyone within a relatively wide proximity are both unchanging factors when dealing with wireless connectivity. These facts of WLAN life make it easy for the intended client to connect, and just as easy for unintended hosts if the proper security measures aren't taken. The basis of wireless LAN is radio frequency; experts say that every radio wave that has ever existed still exists in a degraded form. This should speak to our inability to control a technology that we harnessed over 140 years ago. In the past decade the use of radio frequency to broadcast networks to the corporate and family internet environment has grown greatly in popularity. Security of wireless broadcasts has been an issue dating back to the Second World War, but instead of employing Native Americans to encrypt transmissions, the IT world has come up with slightly more complicated but conceptually similar ways of keeping data safe.
When implementing a wireless network in a business setting, there are many steps that need to be taken to create a robust and secure WLAN infrastructure. One of the most crucial is choosing the right hardware for the job. You want to make sure the access point won't be overloaded with too many users, to provide more reliable speed and connectivity. You also need to make sure that the device you purchase is 802.11i compatible so that you can incorporate the latest in wireless security protocols. Another security measure that might be considered is the use of USB tokens or the integration of smartcards for authenticating to the wireless network. The use of physical tokens along with an encryption protocol and an AAA system would ensure that intrusion would be nearly impossible. One of the only ways an unwanted user could enter the network would be through an employee inadvertently voiding a security measure. That is why basic user training seminars are essential to sustained security. The weakest link in any IT system is an uneducated user; after that, blame the basics.
Before the advent of automated security standards and protocols, the use of basic networking tools was the first line of defense against wireless intrusion. One tactic is static IP addressing, which inhibits unauthorized users from accessing the network because they are not allotted an address by a DHCP server. Another basic networking tool used to defend a WLAN is a subnet that limits the number of addresses to roughly the number of users you plan to have on your network. MAC address filtering is also good at deterring intruders from entering the network. MAC address filtering allows the administrator to pick and choose which MAC addresses to allow or deny. The only problem with MAC filtering is MAC spoofing, where a user uses a program or BIOS feature to impersonate the MAC address of another NIC. These basic measures usually aren't enough to stop a determined intruder; the development of wireless security standards and protocols was necessary to deter a serious one.
One of the earliest forms of wireless security to come into play was Wired Equivalent Privacy (WEP). The goal of this protocol is outlined in the name, but is better explained by one of the experts from Wi-FiPlanet.com:
"WEP (wired equivalent privacy) is 802.11's optional encryption standard implemented in the MAC Layer that most radio network interface card (NIC) and access point vendors support. When deploying a wireless LAN, be sure to fully understand the ability of WEP to improve security. It's complicated, but here we go." (Geier)
The promise of a wireless connection that is as robust and well protected as a wired connection is one that still cannot be kept, even by more complex and lengthy security measures. What the WEP standard did bring to the table was the encryption and authentication required to access the desired network. The authentication was done through a password or passphrase encrypted with one of a few different key sizes, ranging from 64 to 256. These passphrases were easily cracked by examining captured packets and determining the encryption method. Soon after WEP's debut, cracking applications became readily available online. These tools allowed even novice users to easily and quickly penetrate a network protected by Wired Equivalent Privacy. This was a security concern to the extent that a team from the FBI publicly demonstrated that they could crack a WEP passphrase in less than three minutes.
"WEP itself is not the strongest type of security you can implement on your wireless network, but it is one of the easiest ways to strengthen your wireless security network." (Taylor)
The reign of WEP as an industry standard for security was short-lived due to the problems mentioned above, along with various others.
"In 2002, stating that the industry couldn't wait for 11i's ratification, the industry consortium Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA). It is a subset of the abilities of 802.11i, including better encryption with Temporal Key Integrity Protocol (TKIP), easier setup using a pre-shared key, and the ability to use RADIUS-based 802.1X authentication of users. WPA comes in two flavors, one that's easier for home users, and one for enterprises (the latter incorporates 802.1X)." (Griffith)
After the nearly out-and-out failure that WEP became, a new standard for WLAN security was welcomed with open arms. Next in the line of attempts to secure radio frequency was Wi-Fi Protected Access (WPA). This was an update to the 802.11 standard that WEP adhered to. The 802.11i standard was compatible with the hardware that WEP used; the only necessary step in upgrading was a firmware update. This firmware update allowed the use of WPA's new methods of handling passphrases, along with a plethora of additional optional security measures. WPA allowed for the use of a Virtual Private Network (VPN) to further secure the connection. Another new feature of the 802.11i standard was the use of the Temporal Key Integrity Protocol (TKIP). TKIP uses dynamic keying and constant authentication, which makes it much more difficult to break than the static keying used in WEP and the 802.11 standard. WPA also provides for the use of Extensible Authentication Protocols. They all provide for a more complex system for key handling and transport layer security. The use of a centralized authentication service provides for the use of RADIUS or another AAA (Authentication, Authorization and Accounting) protocol like it.
"This protocol allows users to authenticate into a wireless network by means of a RADIUS Server." (Posey)
AAA protocols use a central server that handles the authentication and authorization of a secure session, while keeping track of the activity that goes on during the session. They do not, however, provide encryption, which in this case is performed by WPA.
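WPA's pre-shared-key mode and its handling of passphrases, mentioned above, can be made concrete with the following added Python example, which is not taken from the cited sources. It goes beyond the text by showing the standard's key derivation (the passphrase is stretched with PBKDF2, using the SSID as salt) and a small audit built on it; the SSID list, the 20-character policy minimum and the inventory are assumptions constructed for illustration.

```python
import hashlib

# Assumed sample values for this example, not taken from the article.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
MIN_PASSPHRASE_LEN = 20  # hypothetical local policy


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit master key that WPA pre-shared-key mode uses."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("a WPA passphrase is printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes long")
    # PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 rounds, 32 bytes out.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit_psk(ssid: str, passphrase: str) -> list[str]:
    """Return findings for one pre-shared-key network (empty list = none)."""
    findings = []
    try:
        wpa_pmk(passphrase, ssid)
    except ValueError as err:
        return [f"invalid: {err}"]
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append("passphrase below policy length")
    if ssid in COMMON_SSIDS:
        findings.append("common SSID, so the salt is shared with other networks")
    return findings


if __name__ == "__main__":
    # Constructed inventory: (SSID, passphrase) pairs.
    inventory = [
        ("linksys", "password"),
        ("Office-WLAN", "correct horse battery staple 42"),
        ("Office-WLAN", "short"),
    ]
    for ssid, passphrase in inventory:
        print(ssid, audit_psk(ssid, passphrase) or "ok")
    # Same passphrase, different SSID: the derived keys differ.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "Office-WLAN").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on every differently named network, which is why a unique SSID and a long passphrase both matter in pre-shared-key deployments.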
There is no one-size-fits-all solution for wireless security, but using a combination of a few of these security measures will leave your WLAN nearly impermeable.
- Griffith, Erik. "802.11i Security Specification Finalized." Wi-FiPlanet.com. Jun 25 2004. Web. 20 Dec 2009. <http://www.wi-fiplanet.com/news/article.php/3373441>.
- Lowe, Scott. "TechRepublic Tutorial: Centralize authentication with a Win2K RADIUS server." TechRepublic.com. Nov 20 2002. Web. 20 Dec 2009. <http://articles.techrepublic.com.com/5100-10878_11-1050970.html?tag=content;leftCol>.
- Geier, Jim. "802.11 WEP: Concepts and Vulnerability." Wi-FiPlanet.com. Jun 20 2002. Web. 20 Dec 2009. <http://www.wi-fiplanet.com/tutorials/article.php/1368661>.
- Taylor, Laura. "Use WEP to improve security on your wireless network." TechRepublic.com. Aug 27 2002. Web. 20 Dec 2009. <http://articles.techrepublic.com.com/5100-10878_11-1055215.html?tag=content;leftCol>.
- Posey, Brien. "WPA wireless security offers multiple advantages over WEP." TechRepublic.com. Sep 10 2003. Web. 20 Dec 2009. <http://articles.techrepublic.com.com/5100-10878_11-5060773.html?tag=content;leftCol>.
- Ou, George. "TechRepublic's ultimate guide to enterprise wireless LAN security." TechRepublic.com (2007): 2-7. Web. 20 Dec 2009. <http://i.t.com.com/i/tr/downloads/home/gou_secure-wireless-guide.pdf>.