Security is a vital consideration when planning, designing, implementing, and managing any type of network infrastructure. This is especially true for wireless local area networks (WLANs), which present a unique set of challenges to both IT specialists and security professionals. In addition to the typical problems that new network and device technologies are plagued with, non-secure WLANs can expose any organization’s network traffic and resources to a multitude of unauthorized outsiders.
These individuals, often referred to as “hackers,” may capture data and exploit your network-based resources, including Internet access, servers, and data storage areas. Also, and perhaps more importantly, unauthorized wireless access to a network can serve as the entry point for various types of attacks. These, in turn, can bring down an entire network, create a Denial-of-Service (DoS) opportunity, and even potentially subject the organization to legal liabilities, both civil and those triggered by violating federal mandates.
Wireless LAN radio signals can extend beyond an intended design area and “leak” through the physical boundaries of a floor or building. As these transmissions seep into common, public, or private areas such as roads, parking lots, and other buildings, they may fall prey to “war driving” or a “drive-by hacking” attack.
Using off-the-shelf hardware and freely available Internet software, unscrupulous individuals can defeat many commonly-used security protocols and access corporate wireless data. In addition, associates such as employees and contractors may choose to take advantage of the low price and easy installation of WLAN starter kits, built around a WLAN Access Point (AP).
These WLAN kits can be purchased for less than $50 and set up with minimal technical expertise in less than ten minutes. When these unauthorized systems are inserted into a corporate network, a number of very serious challenges arise, including end user and equipment support difficulties, as well as potential disruptions to existing services. To mitigate these security challenges, as well as many other new threats that are showing up in networks on a daily basis, the effectiveness of WLAN security standards has progressed dramatically during the past few years. There are many different types of security standards now in use in WLANs, and the study of their features and functions is complex and detailed.
The original IEEE 802.11 security standard for WLANs was Wired Equivalent Privacy (WEP). It was defined by the IEEE in 1997 and provides authentication and encryption services. WEP comes in different key sizes; common key lengths are currently 128 and 256 bits. The longer the key, the better, since a longer key increases the difficulty for hackers.
As its name implies, this standard was intended to make wireless networks as secure as wired networks. Unfortunately, this was never achieved as flaws were quickly discovered and exploited by hackers. There are several open source utilities that can be used by hackers to break into WLANs by examining packets and looking for patterns in the encryption.
This type of encryption is already considered outdated and seriously flawed. In 2005, a group from the FBI held a demonstration where they used publicly available tools to break a WEP-encrypted network in three minutes.
WEP protection is better than nothing, although generally not as secure as the more sophisticated WPA-PSK encryption. The biggest problem is that if a hacker can receive packets on a network, it is only a matter of time until the WEP encryption is cracked.
WEP has some serious issues. One is that it has no provision for dealing with the issue of key management. Either the keys have to be manually given to end users, or they have to be distributed in some other authentication method. Since WEP is a shared key system, the AP uses the same key as all the clients and the clients also share the same key with each other. A hacker would only have to discover the key from a single user, and he would then know the key for all the users since they are, by definition, shared. Because of this shortcoming, WEP is no longer recommended for use.
To overcome the problems inherent with WEP, the IEEE has been working on IEEE 802.11i, which is a standard for WLANs that provides improved encryption for networks using the popular IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g standards. The 802.11i standard requires new encryption key protocols, known as Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). The 802.11i standard was officially ratified by the IEEE in June of 2004, and thereby became part of the 802.11 family of wireless network specifications.
However, as is the case with many organizations that develop and issue sets of standards, it takes time to complete all of the associated tasks. The industry and many WLAN users felt that there was a critical need for an interim security standard that could be used until IEEE 802.11i was ratified in its final form.
Wi-Fi Protected Access (WPA) is a software/firmware improvement over WEP. WPA is a trimmed-down version of the 802.11i security standard that was developed by the Wi-Fi Alliance to replace WEP as a de facto industry standard. All regular WLAN equipment that worked with WEP can simply be upgraded, and no new equipment needs to be purchased.
WPA2 is a follow-on Wi-Fi Alliance branded version of the final 802.11i standard. The primary enhancement over WPA is the inclusion of the AES-CCMP algorithm as a mandatory feature. Both WPA and WPA2 support EAP authentication methods using RADIUS servers and a preshared key (PSK).
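The two problems described above, unauthorized access points and networks still running WEP or WPA, can both be checked from a routine site survey. The following is an added example, not part of the original post: the survey rows, the BSSID inventory, the SSID names, and the audit_survey function are all constructed for illustration.

```python
import csv
import io

# Constructed survey export: one row per access point heard during a site walk.
SURVEY_CSV = """bssid,ssid,security,channel
00:11:22:33:44:01,CorpNet,WPA2,1
00:11:22:33:44:02,CorpNet,WPA,6
00:11:22:33:44:03,CorpNet-Legacy,WEP,11
66:77:88:99:aa:01,CorpNet,OPEN,6
66:77:88:99:aa:02,linksys,WEP,6
"""

# Constructed inventory of the access points IT actually deployed.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
CORPORATE_SSIDS = {"CorpNet", "CorpNet-Legacy"}

# Ranking follows the article: WEP is no longer recommended, WPA was the
# interim fix, and WPA2 makes AES-CCMP mandatory.
SECURITY_FINDING = {
    "OPEN": "no encryption; enable WPA2",
    "WEP": "WEP is no longer recommended; migrate to WPA2",
    "WPA": "interim standard; upgrade to WPA2",
    "WPA2": None,
}

def audit_survey(csv_text, authorized=AUTHORIZED_BSSIDS, corp_ssids=CORPORATE_SSIDS):
    """Return (bssid, ssid, finding) tuples for every AP that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        security = row["security"].strip().upper()
        if bssid not in authorized:
            # Unknown radio: an employee-installed AP, an impostor, or a neighbour.
            if ssid in corp_ssids:
                findings.append((bssid, ssid, "unauthorized AP advertising a corporate SSID"))
            else:
                findings.append((bssid, ssid, "unknown AP; check whether it is on the wired network"))
            continue
        # Authorized AP: report it only if its security mode is weak or unknown.
        weakness = SECURITY_FINDING.get(security, "unrecognized security mode: " + security)
        if weakness:
            findings.append((bssid, ssid, weakness))
    return findings

if __name__ == "__main__":
    for bssid, ssid, finding in audit_survey(SURVEY_CSV):
        print(f"{bssid}  {ssid:<15} {finding}")
```

An unknown BSSID is reported before its encryption is considered, because an unauthorized AP on the corporate network is a problem whatever security mode it advertises.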
The level of discussion for WLAN security in this post is appropriate for the CCNA level of training. However, to pursue a deeper understanding of these protocols and processes, I encourage you to follow up your CCNA training with the CCNA Wireless training track.
Author: David Stahl