Most users find themselves in one of two situations: 1) You have this really great wireless network, however, you have discovered it is not as secure as you thought or planned; 2) You need to implement a new wireless infrastructure, and your organization wants to make it as secure as possible.
Way back when, most relied on the idea that spread spectrum was inherently secure. However, two rather large, threatening "security holes" have been discovered. The first is eavesdropping, which is also known as "sniffing." The second is gaining access to a LAN and its resources through hacking.
Don't panic! There is light at the end of the WLAN (wireless LAN) security tunnel. And, thankfully, that light is not coming from the Manhattan Limited.
WEP Is Not Totally Secure
First, let's examine what the issues are. It all began with a report released by Berkeley University (available at www.isaac.cs.berkeley.edu/isaac/wep-faq.html). In short, it presented the fact that the WEP (wired equivalent privacy) may be compromised. This may open a user's network to several types of security breaches, from grabbing the WEP key to the denial of service attacks. This report caused concern in the WLAN community. The 802.11 Committee and others responded with an explanation as to what WEP really is. WEP is not end-to-end, unbreakable, totally secure communication. WEP is designed to provide the equivalent of an unencrypted wired connection.
There are easy ways to "sniff" the WLAN and therefore obtain the SSID (secure set identifier), which is the "password" to the WLAN. The report also says there are many WLAN installations where no thought was given to AP (access point) settings when the system was installed. Therefore, the system is running on the default AP settings. For most APs, this means open access to anyone.
New products and protocols are months from being finished. So, what are the best ways to maximize your organization's security? There are several ways a WLAN can be secured against most attacks. Explore the following solutions carefully. Many of them are easy to implement.
Close the system by turning off broadcast SSIDs. This prevents unwanted users from associating to your APs.
Make the SSIDs difficult to guess. Some end users have SSIDs over 20 characters long and are completely random, making them very difficult to guess or remember.
Use 128-bit encryption. The 128-bit encryption remains the best WEP method to date. Hackers go for the paths of least resistance. Don't make it easy for them.
Change the 128-bit keys periodically. Using multiple keys makes it easier to change keys on a periodic basis.
Do not use easy-to-guess keys. Easy-to-guess keys are like writing your password down. The SSID and keys open the front door to your network and should be guarded.
Implement an advanced authentication system, such as user ID-based RADIUS. User ID-based RADIUS requires the AP and client to participate in the authentication process. The client displays a user ID and password prompt. The AP then forwards the request with user ID and password to a RADIUS server for authentication.
Encrypt the entire application message before it hits the radio. This can be done with several of the third-party VPN (virtual private network) packages available today. These packages, sitting between the application and the radio driver, encrypt all messages before the radio receives them. The messages are not decrypted until the customer's host safely receives them. These encryption methods are far more sophisticated than WEP and virtually impossible to breach.
Proper installation, implementation, and maintenance are all key to protecting a WLAN. Inadequate installations, specifications, or an incomplete understanding of WLAN topography are perhaps the most common variables that present organizations with WLAN security problems. It is imperative that security issues be viewed as part of the "total solution." Problems are arising today because organizations install WLANs and expect them to be secure. However, WLANs are not "automatically" secure. Secure WLANs are the direct result of ever-increasing security knowledge, proper installation, proper implementation, and continued maintenance.