Summary | Real 802.11 Security: Wi-Fi Protected Access and 802.11i

In this chapter we have looked at the way in which Wi-Fi LANs are being used to provide public hotspots. The ideal situation is that, eventually, there will be hotspots all over the place and you will be able to sit down with your laptop or other wireless terminal and get a connection to the Internet without any special configuration or login required. In fact, it should work like cellular phones today; just turn on and use. Today, most hotspots do not work in this way; typically, a special connection procedure is required via a Web browser login screen. However, some cellular phone manufacturers have started to integrate the same type of authentication as seen in phones and this can provide more seamless access.

In the future the use of IEEE 802.1X provides a path to more seamless hotspot access. IEEE 802.1X will allow the user's computer to specify the types of authentication it can support and to negotiate access using embedded security tokens such as digital certificates and smart cards. The use of IEEE 802.1X makes IEEE 802.11i (RSN) security a logical choice for hotspots in the future. However, it must be remembered that the primary motivation of the hotspot operator is to avoid fraudulent use rather than to protect the privacy of the customer.

There are many security issues related to the use of hotspots. Most provide no security on the wireless link so your data can easily be observed by an attacker in the hotspot. Furthermore, most treat the local Wi-Fi LAN as a shared medium, allowing data for one wireless station to be broadcast to other users. This creates all sorts of risks of privacy as well as a danger of direct attacks on disk drives that you might have inadvertently left open. On top of all these issues, the data ultimately passes over a public Internet connection that must be considered totally insecure. Therefore, although you may use a personal firewall, and in the future there might be wireless encryption, it is likely that the use of VPN will continue as the most secure way to protect corporate users when they are accessing hotspots.