Security Basics




One measure of a standard's success is the degree to which it encourages competition and makes technology more cost-effective for users. By this measure, Wi-Fi has been an unbelievable triumph. But another measure of success is the degree to which a standard anticipates and addresses future implementation issues. TCP/IP, for example, which was crafted more than 30 years ago, has withstood the test of time. By that yardstick, the IEEE 802.11 series' ongoing changes at both the Physical and the Data Link Layers, together with minimal security capabilities, make it easy for experts to second-guess the designers. Of course, 802.11 isn't even ten years old. Moreover, critics must also remember that it took nearly seven years to develop the initial 802.11 standard; if the IEEE had waited until it was sure a WLAN could also be made secure, the publication of the first 802.11 standard would have taken even longer. Whatever the reason for 802.11's paltry security provisions, everyone agrees that this series of wireless standards fails to provide for security measures that can pass muster with enterprise administrators.

In Wi-Fi's early days, people treated 802.11's ESSID (Extended Service Set Identifier), a string defined for each access point, as a wireless password. This offered an illusion of security. But it wasn't long before implementers realized that since access points routinely broadcast these "wireless passwords," anyone could intercept them. Even when broadcasting was disabled, the strings could be extracted in clear text from the management frames passed between the wireless computing devices and the access points. Today, WLAN clients often detect ESSIDs automatically so that end-users can connect to wireless networks transparently, as long as no other security measures are in place.
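The clear-text exposure described above, as an added example that is not from the book: a small Python parser that reads the SSID element out of 802.11 management frames, run on two constructed frames (a beacon with broadcasting disabled and a client's association request). The helper names, MAC addresses and the network name "CorpWLAN" are made up, and the frames are assumed to be bare (no radiotap header, HT Control field or FCS).

```python
# Added example: SSID recovery from 802.11 management frames (constructed data).
# Assumes bare frames: no radiotap header, no HT Control field, no trailing FCS.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}  # fixed-field bytes per subtype
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame: bytes):
    """Return (subtype_name, ssid) for a management frame, else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None                      # not a management frame we handle
    pos = 24 + FIXED_LEN[subtype]        # skip MAC header and fixed fields
    while pos + 2 <= len(frame):         # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                  # truncated element
        if tag == 0:                     # element ID 0 is the SSID
            hidden = not value.strip(b"\x00")   # empty or all-NUL = "hidden"
            return NAMES[subtype], "" if hidden else value.decode("utf-8", "replace")
        pos += 2 + length
    return None

def build(subtype: int, fixed: bytes, ssid: bytes) -> bytes:
    """Build a constructed sample frame (hypothetical helper, made-up MACs)."""
    sta, ap = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + ap + sta + ap + b"\x00\x00"
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported-rates element
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

# Constructed samples: AP beacon with broadcasting disabled, then a client joining.
BEACON = build(8, b"\x00" * 12, b"")
ASSOC = build(0, b"\x01\x00\x0a\x00", b"CorpWLAN")

def observed_names(frames):
    """Collect every non-empty SSID seen, with the frame type that carried it."""
    hits = [parse_ssid(f) for f in frames]
    return [h for h in hits if h and h[1]]

if __name__ == "__main__":
    print(parse_ssid(BEACON))                  # beacon carries an empty SSID
    print(observed_names([BEACON, ASSOC]))     # the client's frame names the network
```

The beacon yields an empty name, but the association request from a legitimate client carries the full string, which is why a hidden ESSID cannot serve as an access control.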

Since the standard doesn't provide an authentication framework, MAC (Media Access Control) address restrictions are sometimes used to control access to a WLAN. However, this approach is an administrative burden, is vulnerable to address spoofing, and ties access to the computing device (which can be stolen) rather than to the end-user.

Finally, there's Wired Equivalent Privacy—or WEP. But WEP's static shared-key architecture has little appeal for enterprise IT professionals. That's because noted security experts like Scott Fluhrer, Itsik Mantin, Adi Shamir, and others have exposed the weaknesses in WEP's underlying encryption system. Clearly, there's a need for privacy based on dynamic session keys that are distributed after a robust authentication.






Going Wi-Fi: A Practical Guide to Planning and Building an 802.11 Network
ISBN: 1578203015
EAN: 2147483647
Year: 2003
Pages: 273
