I've received several messages in response to the tip "Wireless Network Security," June 15, 2001, InstantDoc ID 20630, in which I point out that proper configuration of a wireless network uses your NICs' media access control (MAC) addresses to control access. Some readers disagreed with my assessment of these networks' security and pointed out flaws in the IEEE 802.11b standard's Wired Equivalent Privacy (WEP) feature, which is used by default in many wireless networks.
Several factors come into play in any wireless environment. In a traditional LAN, an Ethernet port on the LAN controls access. In a wireless LAN (WLAN), however, an information server uses radio waves—which can pass through walls, ceilings, and closed doors—to transmit data. Thus, any WLAN client can gain access to any information in any area that the information server controls. Without a direct-port requirement for access, how does a WLAN maintain security?
The 802.11b protocol provides two basic ways to establish security: Service Set Identifiers (SSIDs) and WEP. SSIDs are nothing more than naming devices, with little or no security involved or implied. WEP is an optional encryption scheme in which one key accounts for encryption and decryption of wireless data.
Some WEP systems use 40-bit encryption keys—a capability that many administrators accept as a sign of secure transmission. However, a portion of the WEP message is transmitted in clear text. An intruder can capture this portion and translate the encrypted message. Because most WEP implementations use static WEP IDs, WEP becomes difficult to manage and easy to compromise as the number of clients increases.
Some wireless authentication is based on a wireless NIC's MAC address: If a device's MAC address doesn't match the listed address in the wireless server site, the device can't gain access to the network. But an intruder who gains access to both the 802.11 control and data channels can obtain information about your wireless Access Points' (APs') and internal hosts' MAC addresses. (For more information about 802.11 and WEP, see Shon Harris, "802.11 Security Shortcomings," December 2001, InstantDoc ID 22934, and Mark Weitz, Market Watch, "802.11 Wireless LANs," http://www.winnetmag.com, InstantDoc ID 23322.)
So how can you achieve true security on a WLAN? Cisco Systems and Microsoft are developing several new approaches that share a similar scheme, basing authentication on device-independent variables such as usernames and passwords and dynamically generated WEP keys. (For more information about some of the security problems inherent in 802.11 WEP and Cisco's approach to these problems, see http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1327_pp.htm.)
