Information Technology Reference
In-Depth Information
2001 Texas Instruments proposed a 22 Mbps variation of 802.11b called “b+,” and
Atheros proposed a 108 Mbps variant of 802.11g called “Super G.” Further, there
are standards for enhanced QoS (802.11e) and enhanced security (802.11i) that are
actually orthogonal to the traditional 802.11 family in the sense that they deal with
limitations rather than the characteristics of the protocol suite. To make comparisons
even more confusing, there are 802.1x protocols like 802.16 (2001), 802.16a (2003)
that are designed for wider area coverage, the so-called “Metropolitan Area Net-
works” or MANs. The 802.11n specifications are thin as of this writing, although
the current attention is on increasing throughput at the MAC interface rather than the
physical layer.
1 . 1
T h e W L A N E n v i r o n m e n t
WLAN offers many advantages: e.g., the ease and reduced expense of not having
to run cabling through an existing building, communication between buildings, or
just the convenience of not having to find a wall jack to establish a network connec-
tion. But this convenience comes at a price. While great care may have been taken
through the use of firewalls and intrusion detection systems to secure a network's
connection to the outside world, a WLAN creates another entrance into the network
that is typically behind the firewall.
Wireless signals cannot be easily confined to their area of intended use. In fact,
wireless communications can be monitored and captured from a mile or more away.
And this covert monitoring activity is virtually undetectable.
A number of wireless security mechanisms have been introduced to address these
problems. The first of these is an encryption and authentication standard called
the Wired Equivalent Privacy, or WEP. More recent encryption and authentication
protocols include EAP, WPA, and VPNs. Unfortunately, each of these has security
vulnerabilities
[1]
.
On a positive note, the 802.11i standard includes the Counter Mode/CBC-MAC
Protocol (CCMP). CCMP is based on the Advanced Encryption Standard (AES) and
should provide stronger encryption and message integrity than anything available
now. Unfortunately, since CCMP will require new hardware that is incompatible
with the older WEP-oriented hardware, it will probably be some time before this
security mechanism is widely implemented.
It is important to note that nothing that is covered here isn't already understood
and put into practice by the hacker and criminal communities. The people in the dark
tend to be law-abiding citizens. It is hoped that the information presented here will
raise awareness so that the defender stands a chance of protecting his digital assets
against WiFi intrusion.
