local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are
one of today's fastest growing technologies in businesses, schools, and homes,
for good reasons. They provide mobile access to the Internet and to enterprise
networks so users can remain connected away from their desks. These networks can
be up and running quickly when there is no available wired Ethernet infrastructure.
They can be made to work with a minimum of effort without relying on specialized
Some of the business advantages of WLANs include:
" Mobile workers can
be continuously connected to their crucial applications and data;
applications based on continuous mobile connectivity can be deployed;
Intermittently mobile workers can be more productive if they have continuous access
to email, instant messaging, and other applications;
" Impromptu interconnections
among arbitrary numbers of participants become possible.
" But having
provided these attractive benefits, most existing WLANs have not effectively addressed
All wireless computer systems face security threats that can compromise its systems
and services. Unlike the wired network, the intruder does not need physical access
in order to pose the following security threats:
This involves attacks against the confidentiality of the data that is being transmitted
across the network. In the wireless network, eavesdropping is the most significant
threat because the attacker can intercept the transmission over the air from a
distance away from the premise of the company.
The attacker can modify the content of the intercepted packets from the wireless
network and this results in a loss of data integrity.
access and spoofing
The attacker could gain access to privileged data and resources in the network
by assuming the identity of a valid user. This kind of attack is known as spoofing.
To overcome this attack, proper authentication and access control mechanisms need
to be put up in the wireless network.
In this attack, the intruder floods the network with either valid or invalid messages
affecting the availability of the network resources. The attacker could also flood
a receiving wireless station thereby forcing to use up its valuable battery power.
The other threats come from the weakness in the network administration and vulnerabilities
of the wireless LAN standards, e.g. the vulnerabilities of the Wired Equivalent
Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard.
Authentication in the 802.11 specification is based on authenticating a wireless station or device instead of authenticating a user. The specification provides for two modes of authentication: open authentication and shared key authentication. The 802.11 client authentication process consists of the following transactions:
Client broadcasts a probe request frame on every channel
Access points within range respond with a probe response frame
The client decides which access point (AP) is the best for access and sends an authentication request
The access point will send an authentication reply
Upon successful authentication, the client will send an association request frame to the access point
The access point will reply with an association response
The client is now able to pass traffic to the access point