EAP: The Extensible Authentication Protocol is an extension of the PPP protocol defined in RFC 2284. EAP is a general authentication protocol that supports multiple authentication methods, including traditional passwords, token cards, Kerberos, digital certificates and public-key authentication.
802.11: The committee behind this standard is responsible for defining WLAN standards. To do so, it is organized into specialized task groups, each responsible for certain elements of an evolving set of standards. Task Group I is responsible for enhancing the existing 802.11 MAC (Media Access Control) standard to provide improved security. This eventually will include strong encryption and standards-based authentication.
802.1X: This IEEE standard can be used as a basis for authentication on all 802 networks, including Ethernet, token ring and WLANs. IEEE 802.1X specifies how EAP information should be encapsulated in frames. To be useful in enabling WLAN security, 802.1X must be supported by WLAN infrastructure equipment as well as mobile-device operating systems.
MAC ACLs: These access-control lists are implemented based on the MAC address of a device, which is normally set in ROM by the manufacturer. Many 802.11 product manufacturers provide capabilities for restricting access to the WLAN based on a table of MAC addresses stored on the access point. Some vendors provide management utilities that let these MAC ACLs be distributed to multiple access points within an organization.
SSID: Service set identifier is a unique identifier that wireless access points and wireless nodes use to communicate with each other. The SSID is contained within the header of all packets exchanged within a defined WLAN BSS (basic service set). A device is not permitted to join the BSS unless it can provide the unique SSID. However, because most access points broadcast their SSIDs and the SSID is contained in plain text in all packets (even if WEP encryption is used), there is no effective way to secure SSIDs.
VPN: A virtual private network provides access to secure information over insecure networks using one of a variety of tunneling protocols, including PPTP, L2TP and IPsec. A VPN gateway is a device that acts as the interface between secure and insecure networks. To gain access to resources, network devices must support the appropriate tunneling and authentication protocols. VPNs have traditionally been deployed to securely interconnect sites using the public Internet instead of leased lines or frame relay and to provide secure dial-up access to secure systems over the public Internet.
WEP: Wired Equivalent Privacy is an optional encryption standard defined by the IEEE 802.11 committee and implemented in most WLAN products. To gain WiFi (Wireless Fidelity) certification by the Wireless Ethernet Compatibility Alliance (WECA), products must support 40-bit WEP. Most vendors also support 128-bit WEP. WEP was designed to provide security equivalent to that of a wired LAN and was not originally envisioned as a bullet-proof security architecture. WEP's architecture has been shown to be flawed, and tools are available that can effectively break WEP encryption through passive hacking.