802.11 Wireless Network Security
Essay title: 802.11 Wireless Network Security
802.11 Wireless Network Security
James D. Johns
Computer Science 630
Spring, 2005
History has shown that newer, cutting-edge technologies have been subject to an initial period of testing and debugging. Wireless network security is certainly no exception. The process of maintaining data integrity and prohibiting unauthorized access has proven to be problematic at best. While various companies have incorporated security algorithms into their products, the nature of wireless networking still provides relatively easy access to those networks. When vulnerabilities in the initial wireless security algorithms were discovered, those same companies pioneered efforts to enhance security. Unfortunately, those efforts have only recently been fully standardized.
Originally, wireless security consisted simply of filtering data transmission based on the MAC address of the client machine. This procedure was based on the theory that corporate IT departments are responsible for issuing wireless LAN cards and adapters to users and should therefore be able to maintain a corporate-wide list of MAC addresses which were in turn allowed to connect to the organization’s wireless network. During the initial connection procedures, wireless access points (AP) can verify the MAC addresses of connecting workstations to ensure the corresponding network adapter is on the list of known valid MAC addresses. While this procedure was fairly effective (as MAC addresses can be forged), system administrators quickly grew tired of maintaining this list of MAC addresses, especially as wireless networks grew in popularity and size. MAC address filtering still remains a highly viable means of securing a local area network in a non-business environment, particularly when a small number of computers are connected to that network and the number of computers is not likely to change.
A similar method of limiting the IP address pool in a DHCP-environment quickly emerged. In effect, this method limited the number of valid IP addresses available via DHCP. However, this method quickly proved to be problematic. When rogue workstations did gain access to the wireless network, legitimate computers could not gain access due to a lack of available IP addresses in the address pool. This problem would be even more severe if a DHCP server issued a reserved IP address to a workstation, assuming that a server authorized for that IP address provided critical functionality for the organization.
The network industry quickly became aware that other more sophisticated methods of securing a wireless network were required. Ultimately, the requirements of wireless security fell into two distinct categories: Encryption/Data Privacy, and Authentication/Access Control.
Encryption and Data Privacy
Encryption is defined as a mechanism which provides data privacy and integrity. The data should obviously not be decrypted by any unauthorized means, while all transmitted packets should originate from the actual sender. Encryption should enforce data integrity under any circumstances. To help maintain data privacy, many network administrators also stopped broadcasting the service set identifier (SSID), an identifier for a particular wireless network. Even today, this method is still viable as a “front-line” defense against hackers for both organizational and home-based wireless networks.
Authentication and Access Control
Authentication should be mutual, and should allow wireless clients and access points full-duplex authentication, i.e. the ability to authenticate each other. In addition, a framework should be introduced in order to facilitate the transmission of authentication messages between wireless clients, access points, and in some cases, authentication servers. Obviously, only properly authorized users and/or servers should gain access to the network resources.
Wireless Equivalent Privacy (WEP)
Wireless Equivalent Privacy was the first standard for 802.11 wireless network security. When the IEEE (Institute of Electrical and Electronics Engineers) ratified the standard, the WEP security standard was included. Unfortunately, many hardware manufacturers initially failed to favor the implementation of WEP. The MAC-address filtering method was still highly popular, and this is what