Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
communications. The ability for workers to share resources and communicate with
Nevertheless, progress and innovation are not things that can be tamed or quelled.
They are constantly perpetuating themselves forward, but not without obstacles and
challenges. LAN technology is no different in this regard. The natural progression for
LAN technology to break its wire-based constraints has spawned a new form of
implementation of WLANs has been limited due to challenges. The purpose of this
report is to review what types of security measures are available for WLANs in order
to determine if they are safe for home and business use. This will be accomplished
by analyzing the risks involved with using WLAN technology in a home or business
environment, identifying threats, observing the evolution of the 802.11 standard from
a security aspect, and cataloging security tips that can be applied to a WLAN in
technology, but have ventured beyond by allowing devices and users to interoperate
without wire connections. WLANs use high frequency radio waves to transmit data
from one node to the next. This is accomplished by using access points that are
wired to an Ethernet LAN. Data travels at 2.4GHz from the access point to the node.
The high frequency radio waves can penetrate walls and floors up to 1000 feet from
Institute of Electrical & Electronics Engineers better known as IEEE. The institute is a
A Study of WLAN Security 3
electronics, among others” (IEEE, 2004). The IEEE formed a workgroup dubbed
802.11 in 1972. The 802.11 standards are defined as, “ wireless standards that
access point, as well as among wireless clients. [The] specifications address both
the Physical (PHY) and Media Access Control (MAC) layers, and are tailored to
technology. They also share the unrelenting attacks from hackers and crackers.
They are well- trained individuals that reside in the dark shadows of the computer
technology world, and they thrive on infiltrating systems for fun, or for personal
financial gain. Their assortment of tricks includes, but is not limited to denial of
service (DoS) attacks, viruses, SPAM, and thefts of trade secrets. WLANs are just
the latest realm on which they can wreak havoc. “Because they use radio signals,
wireless networks are inherently vulnerable to hackers.” (Ellison, 2003). The radio
signals used in WLANs can permeate beyond the physical boundaries of a house or
an office, “"war drivers," who roam the streets with notebooks looking for "open" or
insecure networks” (Ellison, 2003) are simply mobile hackers looking for prey.
Unfortunately nowadays the tools required to hack are not hard to acquire. “All it
PDA, some free downloadable software and a bit of spare time. That's why any
wireless network, whether for Mom and Dad at home or an enterprise with
A Study of WLAN Security 4
No one is spared from the incessant attacks as Ellison points out. Blackwell
reiterates the point about WLAN vulnerabilities by saying that, “WLAN signals are
prone to being intercepted well outside the facility in which the network resides.”
your body. The hacker takes, and never gives anything positive in return. “With a
range of up to 300 feet or more, depending on the antenna, the transmissions can be
intercepted by anyone inside that radius with the proper equipment. And once
intruders attach to an unsecured access point, they have access to your network and
your Internet connection. They can potentially open or delete files or use your mail
IEEE took security into account when they were developing the
operating a WLAN. IEEE realized that the most vulnerable component in the WLAN
communication process was the data that was being transmitted by high frequency
radio waves. Their solution was to focus on an encryption scheme that would thwart
attackers from reading or altering transmitted data. “In 1997, the IEEE adopted the
wireless security”. (Ellison, 2003). WEP is defined as a standard that, “ allows the
administrator to define a set of respective "Keys" for each wireless network user
based on a "Key String" passed through the WEP encryption algorithm. Access is
denied by anyone who does not have an assigned key.” (Austin Wireless Net, 2002).
In turn the WLAN hardware manufacturers built these security measures into their
devices. The problem is that, “Virtually every wireless network product is shipped
with security features turned off, and most users never bother to turn them on.”
A Study of WLAN Security 5
(Ellison, 2003). Consumers do not rectify the problem once they get the product
home or to the office; “ many people never return to their settings once they've
installed their wireless LANs. They either forget or avoid turning on WEP”. (Ellison,
2003). Business firms are also guilty of not enabling the security settings on their
WLAN equipment, “of 500 firms recently polled by Jupiter Research, less than half
have implemented security solutions for their wireless networks”. (Ellison, 2003).
Security settings can only work if they are turned on. However the WEP security
solution is not entirely effective. “Even if you've enabled WEP (Wired Equivalency
Protocol) encryption, the flaws in that standard are well-documented, and hackers
can pretty easily break into WEP-protected network. You need WPA (Wi-Fi
Protected Access), a far stronger protocol that fixes the weaknesses in WEP.”
(Ellison, 2003).
WPA was developed by the Wi-Fi Alliance who are a,” nonprofit trade
organization, the Wi-Fi Alliance has three purposes: To promote Wi-Fi worldwide by
home, SOHO and enterprise markets; and last but certainly not least, to test and
certify Wi-Fi product interoperability.” (Wi-Fi Alliance, 2004). Members of the Wi-Fi
Alliance decided to take security matters into their own hands and brought WPA to
the marketplace. A WPA definition is,” When WPA is enabled; a client card first tries
to associate with the access point (AP). The AP blocks access to the WLAN until the
session key that TKIP distributes to the user and the AP. The user then joins the
generates a different key for each packet transmitted. The advantages of WPA over
dynamic key allocation”. (Erlanger, 2003). Erlanger refers to TKIP (Temporal Key
Integrity Protocol), which can be defined as a protocol that, “can dynamically change
the encryption key used to send data across the network between authenticated
network nodes. It can even use a different key for every single packet of data sent.
The basic idea is simple: It's much harder to hit a moving target.” (Ellison, 2003). It is
clear that manufacturers would not be willing to invest capital into this technology if
they could not sell the end product to customers. With the well-publicized security
issues related to WLANs the Wi-Fi Alliance had no choice but to take action and
create a certification program called Wi-Fi Certification that would give consumers
peace of mind about purchasing WLAN hardware. Manufacturers agreed this was a
good move for the industry, and now, “all major manufacturers use WPA-compatible
chipsets, and all products submitted for Wi-Fi certification must also pass WPA
direction towards securing WLANs. The ability to encrypt each packet is critical to
standard has focused on the vulnerability of data packets being transmitted. WPA
laid a solid foundation for 802.11i to add an industrial strength encryption scheme
called Advanced Encryption Standard (AES). AES uses a longer encryption key for
data packets, which renders them virtually unhackable. AES will be the new
scheme. “This spec promises to improve the notoriously poor security for wireless
message integrity.” (Salvator, 2003). AES will come at a price like all good things do
(Erlanger, 2003). 802.11i is yet another significant step towards secure WLAN
bulletproof and will meet government standards for security.” (Ellison, 2003). Other
There are certain inherent security tips that should be followed when
operating a WLAN, “
• Change the default SSID (network name) on your router/AP. The default
SSIDs of commonly available hardware are well known to hackers. Your SSID
should not contain information that would give away your company name or
location.
• If your router/AP supports it, consider disabling the SSID broadcast. It will
prevent the casual war driver from detecting your network.
• Turn on the highest level of security that your hardware supports. Even if you
have older equipment that supports only WEP, be sure to enable it, using the
128-bit setting. Despite its bad rap as an ineffective solution, it will still deter
most hackers.
A Study of WLAN Security 8
• Check your hardware manufacturer's Web site for firmware and driver
upgrades. Most provide updates that include WPA support for recent
products.
• Carefully consider the placement of each router/AP. If you don't need wireless
access outside your building, place your APs toward the center of your home
or office to minimize how much signal radiates outside.
• If you have a limited number of wireless clients, consider providing them with
static IP addresses, and then disable DHCP on your router. This will make it
more difficult for a hacker to learn about your network.
• When using public hot spots, be aware that they are very insecure. All the
network traffic between your notebook or PDA and a hot spot's AP will be
unencrypted, since virtually no hot spot provider enables security. If you
frequently use public hot-spot services, run firewall software like Zone Alarm
and be sure to disable Windows file and print sharing.
A Study of WLAN Security 9
• If you have VPN software, consider using it. That way, all of your network
traffic at the hot spot will be encrypted from your notebook to your VPN
endpoint.
• Turn off file and print sharing on your computer. Most hot-spot access points
do not prevent client-to-client traffic, so the person sitting across from you in
the coffeehouse could be poking around in your shared directories on his
notebook.” (Ellison, 2003)
Conclusions
With the new 802.11i security standard and security tips. A compelling
argument can be made for why WLANs should be used in the home and the office.
The concept of total mobility is not going away. The trend in the high technology
sector will continue towards access to information anywhere, anytime. Granted the
initial 802.11 standard had serious security issues, but the development of WEP was
a start in the right direction. WPA also made a strong push in the right direction. The
industry made a conscious effort to strengthen the weakest link. “Both WPA and
802.11i show that the wireless LAN industry is finally getting serious about security.
Whether you use a WLAN at home or in an enterprise, you should definitely take
When 802.11i becomes available many more people may consider WLANs as a
viable alternative to traditional wired LANs. The strong selling feature with 802.11i is
the fact that it uses an encryption scheme that is adequate for the United States
Federal government. It is clear that the government would not endorse AES if it were
not sound and effective. Thus with all the schemes and protocols like WEP, WPA,
TKIP, SSID, and AES it would be a hard case to state that WLANs are still insecure.
If no major threats against 802.11i are identified then I feel that WLANs are a
feasible option for home and office use. Ellison summarizes it best by writing, “The
A Study of WLAN Security 10
most important point to take away from any discussion of WLAN security is that there
is a need for it.” (Ellison, 2003) The need for security may never disappear, but there
will always be groups working diligently to develop counter measures for hacking.
A Study of WLAN Security 11
References
Austin Wireless Net (2003, October). Retrieved March 13, 2004 from the World Wide Web:
http://www.austinwireless.net/cgi-bin/index.cgi/Glossary
Blackwell, G. (2002, January). Serious WLAN Security Threats: Part 1. Wi-Fi Planet
Web:http://www .wi-fiplanet.com/columns/article.php/949891
Ellison, C. (2003, October). Keeping your Wireless Network Secure. Extreme Tech
Magazine, 8 paragraphs. Retrieved February 7, 2004 from the World Wide Web:
Erlanger, L. (2003, August). Real Security for Wireless LANs. Extreme Tech Magazine, 2
paragraphs. Retrieved February 14, 2004 from the World Wide Web:
http://www.pcmag. com/article2/0,4149,1244262,00.asp
IEEE Wireless Standards Zone (2004, January). Retrieved February 6, 2004 from the
Internet: http://standards.ieee.org/wireless/overview.html#802.11
Institute of Electrical and Electronics Engineers, Inc. (2004, January). Retrieved February 6,
pageID=corp_level1&path=about&file=index.xml&xsl=generic.xsl
Salvator, D. (2003, September). Picking the Right Topology. Extreme Tech Magazine, 2
paragraphs. Retrieved February 14, 2003 from the World Wide Web: http://www.
extremetech.com/article2/0,3973,1259139,00.asp
Wi-Fi Alliance (2004, January). Retrieved February 6, 2004 from the World Wide Web:
http://www.wi-fi.org/OpenSection/FAQ.asp?TID=2#WECA