about 40 different ways to access the EAP. Access points and devices
authenticate themselves at the beginning of each communication and generate
the keys that will be used to encrypt the traffic only for the current session.
MAC address filtering is another way to protect network communications.
The MAC address of a network adapter is a unique 12-digit hexadecimal code
[GATES]. Since each card has its own unique address, it is possible to limit
access to the AP (access point) to authorized devices with authorized
MAC addresses, easily excluding anyone who should not be on the network.
Several drawbacks prevent this system from offering a totally secure approach.
The first problem is the management of MAC addresses. The wireless LAN
administrator must keep up to date the database containing the list of
devices that have permission to access the network. This database must be
kept on each AP individually or on a special RADIUS server (a 'de facto'
standard protocol for remote authentication) to which each AP is connected.
Each time a device is added, removed or modified in any way, the WLAN
administrator must update the database of allowed devices. If this is limited
to 10 or 20 people, it is not a problem, but in a corporate network with
hundreds or thousands of devices this is certainly not a practical solution.
Keeping track of the changes to the database would take a huge amount of time.
This heavy workload could be justified only if MAC address filtering
were 100% secure. Unfortunately, the system is easy to defeat using the
right tools. For example, using a wireless sniffer, an attacker can observe the
traffic of the wireless network and emulate the MAC addresses of valid
users, which are transmitted through the air, even if the traffic is
encrypted [GATES]. In this manner, security is compromised.
For small wireless networks, MAC address filtering could be considered
a viable option in the absence of other security systems. For larger wireless
networks, however, simple MAC address filtering does not provide the
level of security that could justify its enormous management cost.
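
The following is an added example, not part of the original text: a Python sketch showing that an allowlist check accepts any frame carrying an authorized MAC address, and that only correlating associations across APs surfaces a possible duplicate. The event format, AP names and MAC values are constructed for illustration.

```python
import re

def normalize_mac(raw):
    """Return the 12 hex digits of a MAC address in lowercase, or None if malformed."""
    digits = re.sub(r"[:\-.]", "", raw.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def review_associations(events, allowlist):
    """events: (time_s, ap, mac, action) tuples in time order (assumed format);
    action is 'assoc' or 'disassoc'. Returns (rejected, suspected_duplicates)."""
    allowed = {normalize_mac(m) for m in allowlist}
    active = {}                      # mac -> AP currently holding the association
    rejected, duplicates = [], []
    for t, ap, raw, action in events:
        mac = normalize_mac(raw)
        if mac is None or mac not in allowed:
            rejected.append((t, ap, raw))        # the only case the filter stops
            continue
        if action == "disassoc":
            if active.get(mac) == ap:
                del active[mac]
            continue
        prev = active.get(mac)
        # The filter accepts this frame: the address is authorized. The same
        # address still associated on another AP is a signal for review only;
        # a roaming client that never disassociated looks identical.
        if prev is not None and prev != ap:
            duplicates.append((t, mac, prev, ap))
        active[mac] = ap
    return rejected, duplicates

# Constructed sample data
ALLOWLIST = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f"]
EVENTS = [
    (0,  "ap-1", "00:1a:2b:3c:4d:5e", "assoc"),
    (5,  "ap-2", "001a.2b3c.4d60",    "assoc"),     # not on the list
    (9,  "ap-2", "00-1A-2B-3C-4D-5E", "assoc"),     # listed, still active on ap-1
    (12, "ap-1", "00:1a:2b:3c:4d:5f", "assoc"),
    (20, "ap-1", "00:1a:2b:3c:4d:5f", "disassoc"),
    (25, "ap-2", "00:1a:2b:3c:4d:5f", "assoc"),     # clean move between APs
]

if __name__ == "__main__":
    rejected, duplicates = review_associations(EVENTS, ALLOWLIST)
    print("rejected by filter:", rejected)
    print("same MAC on two APs:", duplicates)
```
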
2.2.3 Current status: the WPA, the best solution
With the growth of wireless networks, concerns have also increased about the
security of data travelling via radio. What has been found is that wireless
technology is not secure at all. As a matter of fact, packets and, therefore,
information travel within a radius of several hundred meters. If they are not
encrypted, anyone can see what we do.
At present, a protocol for secure connections is WEP, but there are
hacking tools that can invalidate it. One example is AirSnort, software that
automates the cracking of the protocol. AirSnort allows 'sniffing' the
wireless network traffic and obtaining the master key to decode the encrypted
data and gain access to the wireless LAN (WLAN).