Understanding Basic WLAN Security Issues

By Eric Janszen

A wireless LAN is the perfect way to improve data connectivity in an existing building without the expense of installing a structured cabling scheme to every desk. Besides the freedom that wireless computing affords users, ease of connection is a further benefit. Problems with the physical aspects of wired LAN connections (locating live data outlets, loose patch cords, broken connectors, etc.) generate a significant volume of helpdesk calls. With a wireless network, the incidence of these problems is reduced.

There are, however, a number of issues that anyone deploying a wireless LAN needs to be aware of. First and foremost is the issue of security. In most wired LANs the cables are contained inside the building, so a would-be hacker must defeat physical security measures (e.g. security personnel, identity cards and door locks). However, the radio waves used in wireless networking typically penetrate outside the building, creating a real risk that the network can be hacked from the parking lot or the street.

The designers of IEEE 802.11b, or Wi-Fi, tried to overcome the security issue by devising a user authentication and data encryption system known as Wired Equivalent Privacy, or WEP. Unfortunately, some compromises that were made in developing WEP have resulted in it being much less secure than intended: in fact, a free program is now available on the Internet that allows a hacker with minimal technical knowledge to break into a WEP-enabled wireless network, without being detected, in no more than a few hours. The IEEE standards group is working on an improved security system that is expected to overcome all of WEP's known shortcomings, but it is unlikely that products incorporating the new technology will be widely available before late 2002 or early 2003.

In the meantime, security experts agree that all sensitive applications should be protected with additional security systems such as Internet Protocol Security (IPsec). However, if excessive security measures are forced on users of non-sensitive applications, the wireless network becomes cumbersome to use and system throughput is reduced. A good wireless networking system should therefore provide a range of different user authentication and data encryption options so that each user can be given the appropriate level of security for their particular applications.

Another point to bear in mind is that each access point in a Wi-Fi network shares a fixed amount of bandwidth among all the users who are currently connected to it on a first-come, first-served basis. It is therefore important to make sure that sufficient access points are installed for the expected volume of users and traffic. Even then, there is a tendency in a first-come, first-served kind of network for a small number of wireless devices (typically those that are physically closest to the access point) to grab most of the available bandwidth, resulting in poor performance for the remaining users. The best way to resolve this issue is to choose a system that has quality of service (QoS) features built into it.

Since one of the major benefits of wireless networking is user mobility, another important issue to consider is whether users can move seamlessly between access points without having to log in again and restart their applications. Seamless roaming is only possible if the access points have a way of exchanging information as a user connection is handed off f