Category list

Real 802.11 Security: Wi-Fi Protected Access and 802.11i - page 21

Summary

In this chapter we looked into the mindset behind security systems design, as well as into the minds of computer attackers and legitimate researchers. Seeing how security gurus think and work is interesting—you don't have to become a guru to install and run a secure system. Home users need basic policy skills to run the network and basic protocol skills to make an informed purchasing choice. Managers of large networks need complex policy arrangements and can benefit from a detailed understanding of the protocols, particularly for problem diagnosis and interfacing to other systems.

The whole field of security related to computing network is huge. We have set the scene in this chapter by looking at the basic assumptions underlying security. The next chapter considers how these apply to wireless and, in particular, Wi-Fi networks. If you wish to study the more general aspects of computer security, these books provide comprehensive general coverage: Bishop (2002) and Pfleeger et al. (2002).

Chapter 3. Why Is Wi-Fi Vulnerable to Attack?

This chapter begins by asking the questions "Who is likely to attack?" and "What motivates them to attack?" By understanding the enemy, you will be better prepared to set up and evaluate defenses. We look at the technical characteristics that make Wi-Fi LANs especially vulnerable and review different system approaches that have been applied to try to provide security.

Changing the Security Model

The question in the title of this chapter seems too obvious to ask. Everyone knows that Wi-Fi LANs use radio waves, those waves propagate all over the place, and therefore anyone can listen in on your communications. So why have a chapter dedicated to this subject? Well, it's worth spending time looking at the effect that this widespread propagation has on conventional security models because this type of uncontrolled propagation creates the problems we need to solve.

In the past, security architectures were often developed on the assumption that the core parts of the network were not physically accessible to the enemy. People inside the building were considered to be friends, and friends were expected to monitor visitors . Attacks were only expected in well-defined places such as the connection to the outside Internet, where firewalls are located. Wi-Fi LANs turn these assumptions on their heads. Using radio propagation is like inviting anyone who passes by, friend or enemy, to come into your facility and plug into an Ethernet jack of his choice. This totally open scenario requires a new way of thinking about LAN security and introduces new challenges. Wi-Fi LANs are vulnerable because they don't work according to the old rules.

Another vulnerability follows from the fact that eavesdropping can lead to breaches of the network. Some people may not care if outsiders read their communications. They may feel they have nothing to hide and they aren't doing anything secret. However, everybody should care if enemies can come into their network and delete information or plant a virus. These two threats cannot actually be separated. If you allow passive listening, you open yourself to active attacks.

With that in mind, this chapter does not only answer the question in the title but also looks at the implications of this vulnerability. Specifically, this chapter considers how a network is organized in the conventional security model and how Wi-Fi conflicts with this organization. It also looks at two ways to adjust the model to include Wi-Fi using VPN and direct wireless connections. To understand these implications, however, it is important to first take a look at the types of people who are likely to try to attack your network, and discuss their motivations for doing so.

Buy on amazon.com >>

Edney J., Arbaugh W. A.

<< Previous page

Table of contents

Next page >>