"; function search(frm) { win = window.open("","scrollbars"); win.document.write(page); txt = frm.srchval.value.split(" "); fnd = new Array(); total=0; for (i = 0; i < item.length; i++) { fnd[i] = 0; order = new Array(0, 4, 2, 3); for (j = 0; j < order.length; j++) for (k = 0; k < txt.length; k++) if (item[i][order[j]].toLowerCase().indexOf(txt[k]) > -1 && txt[k] != "") fnd[i] += (j+1); } for (i = 0; i < fnd.length; i++) { n = 0; w = -1; for (j = 0;j < fnd.length; j++) if (fnd[j] > n) { n = fnd[j]; w = j; }; if (w > -1) total += show(w, win, n); fnd[w] = 0; } win.document.write("

Total found: "+total+"
"); win.document.close(); } function show(which,wind,num) { link = item[which][1] + item[which][0]; line = ""+item[which][2]+" Score: "+num+"
"; line += item[which][4] + "
"+link+""; wind.document.write(line); return 1; } Wireless Technology

Home  | About Us | Site Map |
  
 
.......................................................................................................................................................................................................
Wireless Systems Wireless Technology Protocols & Languages Professional Bodies Glossary
Wireless Technology                                                                  WLAN
  Blue Tooth
  Radar
  Satellite Communication
  WiFi
  WiMAX
  WLAN
  Zigbee

•  Introduction

  Most industry estimates suggest that more than 50% of all enterprises will have at least one WLAN installation by 2003 1 . The Wi-Fi Alliance believes it is critical for CIO's and IT managers to understand the risks of WLANs and immediately take prudent action to secure their installation.

WLAN Security Breaches

There are two aspects of WLAN security: data protection (encryption) and network access control (authentication). Breaches can occur at the network level via the wireless access point (AP), or at an individual PC - either attached to a network or operating in ad hoc mode and communicating in a peer-to-peer fashion. The result of a wireless privacy breach is the same as it would be for a physical wirebased network privacy issue: corporate data is at risk for third party recovery or modification. Because of the broadcast nature of wireless, however, providing data protection is much more challenging with wireless networks. Network breaches range from someone taking unauthorized enterprise network bandwidth to connect to the Internet, to attempts at accessing corporate secrets. Without prudent measures, WLANs can represent uncontrolled entry into an otherwise secure network. Much of the present threat is caused unintentionally by an enterprise's employees. Vulnerability is created when, for the sake of their own convenience, employees deploy a "rogue” AP which has not been authorized by a network administrator. This effectively leaves a door open to the corporate network. These rogue APs are often installed with no security protection activated and behind the firewall. In this situation, these APs allow virtually open access to the corporate network. This risk of rogue AP deployment is exacerbated by organizations that refuse to implement wireless solutions and prompt employees to take action themselves.

Causes of WLAN Security Issues

The original IEEE 802.11 security standard had modest security goals in WEP that are now easily defeated . In general terms this included native authentication, where the user is required to prove he is authorized for access and encryption to provide data protection.

* 802.11 security applies equally to 802.11a, b, and g – the three physical level (speed/distance)

implementations of 802.11 LANS.

Weak Authentication

IEEE 802.11 authentication is offered by three mechanisms:

1) Open System Authentication, where only the APs publicly available network name – also known as Service Set Identifier (SSID) is used;

2) Shared Key Authentication, where a static, manually preset WEP key on both the AP and the stations is used; and

3) configuring the AP to only accept selected MAC addresses. Whether used separately or in combination, these measures are easily overcome with widely available hacker's tools.

Open System Authentication depends on an attacker not learning the SSID—but this can always be learned using a packet sniffer, even when the SSID broadcast has been disabled. Shared Key Authentication is poorly designed, and an attacker with a packet sniffer can reuse information gathered from one valid authentication to authenticate himself. Finally, any Wi-Fi card MAC address can be changed to that of any other (spoofed), so access control via MAC address lists is ineffective and not scalable.

BACK