Setting up secure WLAN takes layers
- By Carlos A. Soto
- Oct 04, 2002
A wireless network is like having hundreds of Category 5 cables floating in search of a rogue client.
A good attacker can get into most networks by taking advantage of a wireless connection and its innately faulty Wired Equivalent Privacy security.
WEP represents the encryption of communications data sent over radio waves, specifically using an 802.11b platform. But WEP, offered at increments from 40- to 128-bit encryption, is vulnerable because a smart attacker can obtain data pertinent to circumventing the encryption by capturing sufficient frames of data.
WEP begins doing its job when a wireless client sends a request to an access point for a secure session. The access point then generates an encrypted response, or shell, that is sent back to the client. The client then gives a shared key to both the client and the access point. The access point decrypts the shell and allows the client entry to a network if the shared key matches.
The problem with this technology is that capturing these frames reveals three pieces of data: the cipher text, plain text and initialization vector. With these items, an unauthorized user can communicate with the access point in WEP without having to know the shared key, bypassing security.
Despite the problems, it's not necessary to abandon WEP. A typical user, even most attackers, won't succeed in scaling this security hurdle. But there's a lot you can do to boost the security of a wireless network.
The first thing is to secure your access point. Make sure your service set identifier is closed and can't be detected by any unauthorized wireless clients. The SSID is the wireless network name that an access point automatically sends out for random clients to pick up the availability of wireless network service.
Making sure that your access point doesn't submit the SSID automatically depends upon the manufacturer and model of your access point. Some do, some don't and some can be set not to.
Be choosy
Likewise, make sure you configure your access points not to accept data from wireless clients set with the default "any" SSID. This setting is a feature inherent in most 802.11b clients so that they can detect any access point that is broadcasting its SSID. When choosing an access point, make sure you choose one that has a username and password feature and that requires a user to log in to the network via a hard-wired LAN rather than a wireless LAN to connect to the access point's configuration software.
Some companies produce more secure wireless access points than others. The market basically breaks into two categories: access points for small offices and devices for large ones. A small office would be one with 50 users or fewer. Large would be 50 or more.
Both categories of products offer WEP encryption as well as Media Access Control addressing capabilities. MAC addresses are the hardware numbers that uniquely identify each node of a network on an 802.11b platform. A MAC address adds one more layer of security but is inherently as flawed as WEP because the addresses can be easily sniffed with snooping software.
The WEP and MAC vulnerabilities are what distinguish small-office access points from their enterprise-level counterparts. The enterprise access points generally come with added security and management features.
Plus, some enterprise devices can generate a new and different shared key for every session. This makes it difficult for an attacker to make use of a key found with a sniffing application because each key has a short life span.
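An added illustration, not part of the original article, of two points made above: the plain text, cipher text and initialization vector from one captured exchange yield usable keystream without the shared key, and a per-session key makes that captured material worthless. It simulates the exchange in memory with RC4 and a CRC-32 check value; the keys, IV, challenges and function names are constructed for this example.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                        # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(data: bytes) -> bytes:
    """Append the CRC-32 integrity check value that WEP encrypts with the data."""
    return data + zlib.crc32(data).to_bytes(4, "little")

def client_response(key, iv, challenge):
    """Client: encrypt challenge + ICV under RC4(IV || shared key)."""
    return xor(with_icv(challenge), rc4(iv + key, len(challenge) + 4))

def ap_accepts(key, iv, challenge, response):
    """Access point: decrypt with IV + shared key, compare to its challenge."""
    return xor(response, rc4(iv + key, len(response))) == with_icv(challenge)

def captured_keystream(challenge, response):
    """Plain text XOR cipher text from one observed exchange; no key is used."""
    return xor(with_icv(challenge), response)

def demo():
    static_key = bytes.fromhex("0102030405")    # constructed 40-bit key
    iv = bytes.fromhex("0a0b0c")                # constructed 24-bit IV
    c1 = bytes(range(128))                      # constructed challenge
    r1 = client_response(static_key, iv, c1)
    ks = captured_keystream(c1, r1)
    c2 = bytes(range(128, 256))                 # a later, different challenge
    r2 = xor(with_icv(c2), ks)                  # built from ks alone, same IV
    session_key = bytes.fromhex("a1b2c3d4e5")   # constructed per-session key
    return {
        "legitimate": ap_accepts(static_key, iv, c1, r1),
        "keystream_matches": ks == rc4(iv + static_key, len(ks)),
        "static_key_reuse": ap_accepts(static_key, iv, c2, r2),
        "per_session_key_reuse": ap_accepts(session_key, iv, c2, r2),
    }
```

With a static key the access point accepts the second response even though the key was never used to build it; once the key changes per session, the same captured keystream fails the check.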
The high-end access points also can join Remote Authentication Dial-In User Service (RADIUS). RADIUS can authenticate wireless clients to a network if it uses Category 5 cabling. RADIUS servers, like the access points that can join them, are expensive and admittedly difficult to set up and use.
But it's the layers of security that will keep your wireless network services safe from penetration and tampering. No system is completely hack-proof; the goal of any good security approach is to make a breach so time-consuming and difficult that it's not worthwhile to the would-be hacker.