Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are
one of today's fastest growing technologies in businesses, schools, and homes,
for good reasons. They provide mobile access to the Internet and to enterprise
networks so users can remain connected away from their desks. These networks can
be up and running quickly when there is no available wired Ethernet infrastructure.
They can be made to work with a minimum of effort without relying on specialized
corporate installers.
Some of the business advantages of WLANs include:
- Mobile workers can be continuously connected to their crucial applications and data;
- New applications based on continuous mobile connectivity can be deployed;
- Intermittently mobile workers can be more productive if they have continuous access to email, instant messaging, and other applications;
- Impromptu interconnections among arbitrary numbers of participants become possible.
But having provided these attractive benefits, most existing WLANs have not effectively addressed
security-related issues.
All wireless computer systems face security threats that can compromise their systems
and services. Unlike in a wired network, the intruder does not need physical access
in order to pose the following security threats:
Eavesdropping
This involves attacks against the confidentiality of the data that is being transmitted
across the network. In the wireless network, eavesdropping is the most significant
threat because the attacker can intercept the transmission over the air from a
distance, away from the company's premises.
Tampering
The attacker can modify the content of packets intercepted from the wireless
network, which results in a loss of data integrity.
Unauthorized access and spoofing
The attacker could gain access to privileged data and resources in the network
by assuming the identity of a valid user. This kind of attack is known as spoofing.
To overcome this attack, proper authentication and access control mechanisms need
to be put in place in the wireless network.
Denial of Service
In this attack, the intruder floods the network with either valid or invalid messages,
affecting the availability of the network resources. The attacker could also flood
a receiving wireless station, thereby forcing it to use up its valuable battery power.
Other security threats
The other threats come from weaknesses in the network administration and vulnerabilities
of the wireless LAN standards, e.g. the vulnerabilities of Wired Equivalent
Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard.
Authentication in the 802.11 specification is based on authenticating a wireless station or device instead of authenticating a user. The specification provides for two modes of authentication: open authentication and shared key authentication. The 802.11 client authentication process consists of the following transactions:
1. Client broadcasts a probe request frame on every channel
2. Access points within range respond with a probe response frame
3. The client decides which access point (AP) is the best for access and sends an authentication request
4. The access point will send an authentication reply
5. Upon successful authentication, the client will send an association request frame to the access point
6. The access point will reply with an association response
7. The client is now able to pass traffic to the access point
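The exchange listed above can be followed frame by frame on a monitoring sensor. The Python example below is an addition to this text, not code from the 802.11 specification or any product: it reads the frame-control field of each management frame, tracks every station through probe, authentication and association, and reports a station that sends an association request without a prior successful authentication. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

# Management subtypes (frame-control type 0) used in the exchange above.
SUBTYPES = {4: "probe-req", 5: "probe-resp", 11: "auth", 0: "assoc-req", 1: "assoc-resp"}
FINAL_AUTH_SEQ = {0: 2, 1: 4}  # algorithm -> last transaction: open system, shared key

def parse_mgmt(frame):
    """Return (kind, src, dst, body) for a handshake management frame, else None."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    return SUBTYPES[subtype], frame[10:16].hex(":"), frame[4:10].hex(":"), frame[24:]

def track(frames, ap):
    """Follow each station through probe -> auth -> assoc and flag skipped steps."""
    state, alerts = {}, []
    for raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        kind, src, dst, body = parsed
        sta = dst if src == ap else src          # the non-AP side of the exchange
        cur = state.setdefault(sta, "probing")
        if kind == "auth" and src == ap and len(body) >= 6:
            alg, seq, status = struct.unpack_from("<HHH", body)
            if status == 0 and FINAL_AUTH_SEQ.get(alg) == seq:
                state[sta] = "authenticated"
        elif kind == "assoc-req" and cur not in ("authenticated", "associated"):
            alerts.append((sta, "association request before authentication"))
        elif kind == "assoc-resp" and src == ap and len(body) >= 4:
            if struct.unpack_from("<H", body, 2)[0] == 0 and cur == "authenticated":
                state[sta] = "associated"
    return state, alerts

def mk(subtype, dst, src, bssid, body=b""):
    """Build a constructed management frame: 24-byte header plus body (sample data)."""
    return struct.pack("<HH", subtype << 4, 0) + dst + src + bssid + b"\x00\x00" + body

AP, STA, ANY = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [  # constructed frames: one open-authentication exchange, in order
    mk(4, ANY, STA, ANY), mk(5, STA, AP, AP),
    mk(11, AP, STA, AP, struct.pack("<HHH", 0, 1, 0)),
    mk(11, STA, AP, AP, struct.pack("<HHH", 0, 2, 0)),
    mk(0, AP, STA, AP), mk(1, STA, AP, AP, struct.pack("<HHH", 1, 0, 1)),
]

if __name__ == "__main__":
    print(track(SAMPLE, AP.hex(":")))
```

Because the authentication step identifies a station rather than a user, a station reaching the "associated" state here says nothing about who is operating it.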