A Field Guide to Wireless LANs for Administrators and Power Users
There is much to learn about security as it pertains to IEEE 802.11 WLANs. Beginning this year, and continuing over the next several years, new WLAN products will emerge that attempt to prove it is possible to truly secure a wireless infrastructure in a meaningful way; as of yet, no shipping product does so. To be precise, it is currently impossible to achieve security for WLAN traffic using only MAC-layer techniques.

What is security anyway? When that word is used in the context of computer networks, it typically refers to a number of related services, among them authentication (of users and of data), authorization (access control, which derives from authentication), and encryption (for confidentiality, that is, protecting data from being viewed by unintended third parties). In networking, security is applicable at many layers. For example, a file system on a computer may be secure (e.g., encrypted), so that if someone stole the hard disk, he or she would not be able to read the data on it. Network devices, from switches and routers to terminal servers and file servers, are typically protected by access control, to limit who can manage them or who can access them. Users are familiar with logging on to a file server. This is a form of access control, but not all access control schemes are equally strong: some send the password in the clear across the network, where anyone on the path can capture it. It is even possible (commonplace, in fact) to "tunnel" a secure session across an insecure medium, which is what Virtual Private Network (VPN) protocols do to safely extend the security perimeter of a private network to a remote user.

In the context of WLANs, security applies to access control (allowing only valid users to join the WLAN), mutual authentication (so the STA can be sure it is talking to a legitimate AP, and vice versa), and encryption (so the traffic on the air is unreadable by eavesdroppers). Encryption in turn depends on a key distribution mechanism, since encryption is not possible without keys; ideally, keys are randomly chosen, securely exchanged, and used only once.