Wireless LAN Security

Wireless LAN Security   - Abstract

The availability of inexpensive, easily installed WLAN equipment opens up new pathways for attacks and other security breaches. Unlike wired networks, where eavesdropping on network traffic will be apparent to watchful network administrators WLAN data streams can be passively observed using ordinary WLAN cards without being detected by administrators. Furthermore, the eavesdropper’s device may even be in the parking lot or on the sidewalk—unlike eavesdroppers on wired LANs, WLAN eavesdroppers need not be on site making an electrical connection to the network. Authentication is the foundation technology for protecting networks, servers, client systems, data, and applications from improper disclosure, tampering, destruction, and other forms of interference.

Shared Key Authentication Process

Contents

1. INTRODUCTION 

                                             

2. THREATS TO WLAN ENVIORNMENT   

                 

3. AUTHENTICATION AND ACCESS CONTROL   

        

4. STANDARDIZED ATTEMPTS TO MANAGE                                                    

5. SHORTCOMINGS OF STANDARD

                                  

6. SOLUTIONS 

                     

7. THREATS TO DATA PRIVACY AND INTEGRITY  

    

8. ROGUE ACCESS POINTS    

                               

9. DENIAL OF SERVICE (DOS)     

                           

10. CONCLUSION

Wireless LAN Security - INTRODUCTION

        Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are one of today’s fastest growing technologies in businesses, schools, and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. These networks can be up and running quickly when there is no available wired Ethernet infrastructure. They can be made to work with a minimum of effort without relying on specialized corporate installers.

Link Layer Protection: 802.1X

        One of the advantages of an 802.1X authentication system compared to a VPN is that the wireless network need not be located outside the firewall. Because the access points won’t forward any data aside from the authentication process itself, there is next-to-no opportunity for wireless attackers to access the wired network, even if they can receive the wireless signals in the parking lot.

DENIAL OF SERVICE (DoS)

        Denial of service (DoS) attacks are possible on any kind of network, not just WLANs.  However, WLANs have some DoS vulnerabilities that they don’t share with other networks. The most brute-force DoS attack is an attack on WLAN radios. 802.11 networks operate on bands at 2.4GHz and 5.8GHz.

Conclusion

If there are unprotected WLANs connected to an enterprise network, it’s crucial that these WLANs be located outside the firewall and other perimeter defenses. Wherever WLANs are attached to the enterprise network, it’s crucial to install and maintain a secure authentication system that is commensurate with the security risks the enterprise faces. In addition, it’s crucial to find and secure any unauthorized access points. In most cases, enterprises will want to update their existing access point firmware and software, client driver software, and authentication servers to the WPA standards, and only purchase WPA-compliant products going forward.