Without WEP or WPA enabled, any station can join a BSS and all frames are transmitted unencrypted.
In the early days of Wireless LANs, security was almost non-existent, and even when it became available, many installations were completed and left unguarded with no security. This led to many attacks on WLANs, and groups of individuals formed associations to attack the vulnerability of WLANs in what became known as ‘War Wagons’. These were normally vehicles that were kitted out with no more than some rudimentary wireless eavesdropping equipment. Security of any network is important, and because of the nature of Wireless Networks, it is now the most important consideration when deploying a WLAN. There are a number of methods that can be employed:
WEP – Wired Equivalent Privacy is a method that can be employed to encrypt data frames, but these days any hacker worth his salt would be able to crack WEP keys in minutes or hours. It will give basic security for someone like a home user, but if a stronger encryption method is available such as WPA then you would be advised to use it.
WPA – Wi-Fi Protected Access was devised following a draft paper for the IEEE 802.11i standard. The Wi-Fi Alliance adopted a number of the components of the 802.11i standard in order to quickly introduce a workable set of security protocols and these fall into 4 main categories:
• Authentication – A secure method of authentication between the client, AP and authentication server.
• Authentication Algorithms – A complex method of validating the client.
• Data Privacy Algorithms – Provide privacy for data transfer across wireless domains.
• Data Integrity Algorithms – Provide a receiver with assurance that frames have not been tampered with or altered in any way.
PEAP – Protected Extensible Authentication Protocol – Transport Layer Security similar to SSL (Secure Sockets Layer).
LEAP – Lightweight Extensible Authentication Protocol – Password-based mutual authentication protocol developed by Cisco.
It has been proven by a number of expert cryptanalysts that WEP encryption can be cracked by any determined attacker who has the ability to collect and compare enough frames. Around 4 million frames are needed to perform comparison and determine the keys. It is not the sort of thing that the average man or woman in the street would be capable of, but a determined technically minded person with the right processing power and suitable tools could determine the WEP key. Many tools to aid a hacker are quite freely available on the Internet. Once the WEP key has been broken, this person could then enter the WiFi network as a valid user and gain access to any network resources or pose as a user. There are many other methods of attacking encryption algorithms, so it is imperative that users employ the best security algorithms available.
The obvious security flaw is lack of physical security, where stolen NICs or PCs can provide an attacker with the WEP or WPA keys they need.
Wi-Fi Protected Access is a framework that supports a number of methods of secure authentication and encryption including:
• User-based Authentication
• Dynamic Encryption Keys
• Encryption Key Management
• Mutual Authentication
User-based authentication requires a centralized AAA (Authentication, Authorisation and Accounting) server, whereby users are required to have a username and password. In this case it is not the device that is being authenticated but the individual user. The IEEE 802.1x framework offers this sort of authentication with various options available, such as standard usernames and passwords or digital certificates. Additionally, dynamic encryption keys mean that the network management team do not have the task of periodically changing keys, because they are automatically changed for every frame and are therefore very unlikely to be compromised.
Mutual authentication is the key to giving network administrators confidence that the network defences are not being breached by unauthorized users. With mutual authentication, not only does the network authenticate the client but the client also authenticates the network.
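The following added example (not from the original page) shows the two directions of mutual authentication as a simplified HMAC challenge-response. It is an illustration of the principle only, not the wire format of LEAP, PEAP or any other EAP method; the class names, role labels and the credential are constructed for the example.

```python
import hashlib
import hmac
import secrets

def prove(secret: bytes, role: bytes, challenge: bytes) -> bytes:
    # The role label stops a proof being reflected back in the other direction.
    return hmac.new(secret, role + challenge, hashlib.sha256).digest()

class Party:
    def __init__(self, role: bytes, secret: bytes):
        self.role, self.secret, self.nonce = role, secret, b""

    def challenge(self) -> bytes:
        # Fresh random nonce per attempt, so a recorded proof cannot be replayed.
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def respond(self, peer_challenge: bytes) -> bytes:
        return prove(self.secret, self.role, peer_challenge)

    def verify(self, peer_role: bytes, proof: bytes) -> bool:
        expected = prove(self.secret, peer_role, self.nonce)
        return hmac.compare_digest(expected, proof)

class AcceptAllNetwork(Party):
    """Hypothetical network that lacks the credential and accepts every client."""
    def verify(self, peer_role: bytes, proof: bytes) -> bool:
        return True

def authenticate(client: Party, network: Party) -> dict:
    """Run both directions and report what each side concluded."""
    # Direction 1: the network authenticates the client.
    net_ok = network.verify(client.role, client.respond(network.challenge()))
    # Direction 2: the client authenticates the network (this makes it mutual).
    cli_ok = client.verify(network.role, network.respond(client.challenge()))
    return {
        "network_accepts_client": net_ok,
        "client_accepts_network": cli_ok,
        "link_up": net_ok and cli_ok,
    }

SECRET = b"constructed-demo-credential"  # constructed sample value
client = Party(b"client", SECRET)
real_network = Party(b"network", SECRET)
unknown_network = AcceptAllNetwork(b"network", b"not-the-credential")

if __name__ == "__main__":
    print("real network:   ", authenticate(client, real_network))
    print("unknown network:", authenticate(client, unknown_network))
```

With one-way authentication the second case would look like a successful join; the client-side check is what stops the link from coming up.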
Security is constantly on the agenda for Wireless vendors and the IEEE through the 802.1x authentication framework. A protocol based on the Point-to-Point Protocol (PPP) and known as Extensible Authentication Protocol (EAP) has several versions, some developed by vendors themselves.