Security Architecture

From the time that wireless LANs burst on to the scene, they have been inextricably associated with security, or rather, the lack of security. One of the reasons that wireless LAN deployment is such a significant undertaking is that securing an open network medium is a major challenge. Early wireless networks were, with good reason, likened to leaving an open network jack in the parking lot for public use.

Early solutions for restricting access and protecting data were laughable, in part because the lessons of history did not immediately apply. Traditional network security has focused on securing the physical medium to reduce the risk of network attack, but wireless networks are useful precisely because the medium is not locked behind walls and doors. Short of building a massive RF shield around the building, you must assume that the physical layer is open to anybody who wants to access it.

With a network medium that provides negligible physical security, cryptography must be used to protect user sign-ons and the data that flows over established connections. Encryption can be used to establish trust between devices connected only by radio waves. Cryptography helps to establish the user identity, and assure that access points are part of the network they claim to be. Once a user has been authenticated, cryptography assumes its better-known role of scrambling network traffic to prevent traffic interception.

Network security is intertwined with network architecture. Early fundamental insecurities in 802.11 networks led to an architecture that imposed physical and logical barriers between the existing wired network and any wireless extensions, at a cost of usability. Improved security protocols enable the wireless network to be reintegrated into the existing wired network. The physical network is likely to remain separate because of the radically different physical properties of the wireless medium. For the users and network administrators, it will be part of the same integrated whole. In some respects, it will resemble evolution of the mobile telephone network. Cellular networks are physically separate because they require specialized equipment and management systems to deal with the challenges posed by radio links to subscribers. However, they are logical extensions of the existing telephone network. Users can run the same application (voice) on the cellular network with no retraining, and the mobile telephone network is integrated into the overall management system of telephony. Now that wireless LANs can provide appropriate security, the integration has begun.

Introduction to Wireless Networking

Overview of 802.11 Networks

11 MAC Fundamentals

11 Framing in Detail

Wired Equivalent Privacy (WEP)

User Authentication with 802.1X

11i: Robust Security Networks, TKIP, and CCMP

Management Operations

Contention-Free Service with the PCF

Physical Layer Overview

The Frequency-Hopping (FH) PHY

The Direct Sequence PHYs: DSSS and HR/DSSS (802.11b)

11a and 802.11j: 5-GHz OFDM PHY

11g: The Extended-Rate PHY (ERP)

A Peek Ahead at 802.11n: MIMO-OFDM

11 Hardware

Using 802.11 on Windows

11 on the Macintosh

Using 802.11 on Linux

Using 802.11 Access Points

Logical Wireless Network Architecture

Security Architecture

Site Planning and Project Management

11 Network Analysis

11 Performance Tuning

Conclusions and Predictions

show all menu

802.11 Wireless Networks The Definitive Guide
802.11 Wireless Networks: The Definitive Guide, Second Edition
ISBN: 0596100523
EAN: 2147483647
Year: 2003
Pages: 179
Authors: Matthew Gast
Similar book on Amazon © 2008-2017.
If you may any questions please contact us: