Wireless LANs - Standards and security

Del Smith CCNA, CCA, MCSE Tech Republic

Published: 08 May 2002 09:42 BST

Wireless bridges enable high-speed long-range outdoor links between buildings (Figure B). The high-speed links between the wireless bridges deliver throughput several times faster than T-1 lines at distances up to 25 miles. Based on line-of-sight, wireless bridges are not affected by obstacles such as freeways, railroads, and bodies of water, which typically pose a problem for copper and fiber-optic cable. Wireless bridges are often the ideal choice for campus environments where the cost of multiple T-1 lines or fiber runs can be very costly.

Figure B

Wireless can also be used for building-to-building connectivity.

The question of wireless security
No wireless project should be implemented without a lengthy discussion of security. Over the past year, much has been written about the vulnerabilities of 802.11 wireless LANs. Older forms of security on WLANs included the SSID, which was not really a security method at all, since the SSID can easily be retrieved by sniffing the network.

Authentication based on MAC filters was found inappropriate because they, too, could be sniffed on the network, and the allowable MACs could be spoofed. Newer 802.11 security uses 128-bit Wireless Encryption Privacy (WEP) for data encryption, along with shared key authentication. Unfortunately, researchers have recently identified holes in WEP that let attackers learn the keys used to encrypt 802.11b traffic.

So how does an organisation protect its wireless LAN access? The IEEE has a new security standard called 802.1X that may provide the best solution. The 802.1X standard takes authentication away from access points and places it in an authentication server such as RADIUS or Kerberos. It uses the current Extensible Authentication Protocol (EAP) commonly used in PPP to control access. The 802.1X standard allows for the use of dynamically generated WEP keys on a per-session, per-user basis in place of a static WEP key placed in the access point. There are still weaknesses with this technology, and it has yet to be ratified and implemented by many vendors. So, at this time, encryption (usually in the form of VPN), traffic filtering, and other basic security restrictions on wireless network access in sensitive areas are still the best options for ensuring a secure wireless network.

Summary
As changes are in the works to establish new 802.11 standards and improve security, wireless LANs are moving into corporate America at an increasing rate. Who knows? In a few short years, wireless networks may be as commonplace as their wired counterparts.

Have your say instantly in the Tech Update forum.

Find out what's where in the new Tech Update with our Guided Tour.

Let the editors know what you think in the Mailroom.