04-01-2013, 02:14 PM
A Paper On Wireless LAN: Security Issues and Solutions
Executive Summary
Wireless LAN security has come a long way since the early days and the negative publicity around the shortcomings of WEP. Recent advances in WLAN technology and the ratification of key wireless security standards are giving CIOs and network administrators the high level of confidence in WLAN security that they have always needed. This paper will explain the key requirements of wireless security and how the CIO can make sure their enterprise network is protected.
To be effective, WLAN security must address three critical areas:
• Data Confidentiality and Integrity
• Authentication and Access Control
• Intrusion Detection and Prevention
Today’s WLAN systems incorporating WPA/WPA2 with AES encryption, in conjunction with 802.1x authentication, can provide a level of security for WLANs that can exceed the security of a wired LAN. At the same time, wireless intrusion detection and prevention systems are becoming more capable and easier to manage. Even if you have no WLAN in place, you are vulnerable to malicious attacks unless you have a wireless security solution in place.
According to the study carried out in July 2008, Siemens’ HiPath Wireless Manager provides a complete WLAN security solution. It is WPA/WPA2 certified to provide AES encryption for data confidentiality and 802.1x for network authentication. In addition, HiPath Wireless Manager HiGuard provides an innovative and adaptive solution for wireless intrusion detection and prevention. HiGuard provides three different operational modes (sensor-less, mixed and dedicated sensor) to enable the wireless infrastructure to adapt to the organization’s needs.
By incorporating 802.11i-based solutions as part of a multilayered approach, enterprise network managers can reasonably ensure WLAN security. Although threat mitigation is an ongoing process, 802.11i and Advanced Encryption Standard (AES) provide WLANs with security as good as that available for wired LANs.
Introduction to WLAN
A wireless local area network (WLAN) is a flexible data communications system that can use either infrared or radio frequency technology to transmit and receive information over the air. In 1997, 802.11 was implemented as the first WLAN standard. It is based on radio technology operating in the 2.4 GHz frequency band and has a maximum throughput of 1 to 2 Mbps. The most widely deployed standard at present, IEEE 802.11b, was introduced in late 1999. It operates in the same frequency range, but with a maximum speed of 11 Mbps.
WLAN has been widely used in many sectors, including corporate, education, finance, healthcare, retail, manufacturing, and warehousing. According to a study by the Gartner Group, approximately 50 percent of company laptops around the world will be equipped for WLAN by 2006 [1]. It has increasingly become an important technology for satisfying the need for installation flexibility, mobility, reduced cost of ownership, and scalability.
WLAN Components
One important advantage of WLAN is the simplicity of its installation. Installing a wireless LAN system is easy and can eliminate the need to pull cable through walls and ceilings. The physical architecture of WLAN is quite simple. The basic components of a WLAN are access points (APs) and Network Interface Cards (NICs)/client adapters.
Access Points
An access point (AP) is essentially the wireless equivalent of a LAN hub. It is typically connected to the wired backbone through a standard Ethernet cable, and communicates with wireless devices by means of an antenna. An AP operates within a specific frequency spectrum and uses the modulation techniques specified by the 802.11 standard. It also informs wireless clients of its availability, and authenticates and associates wireless clients to the wireless network.
Network Interface Cards (NICs)/client adapters
Wireless client adapters connect a PC or workstation to a wireless network either in ad hoc peer-to-peer mode or in infrastructure mode with APs (discussed in the following section). Available as PCMCIA (Personal Computer Memory Card International Association) and PCI (Peripheral Component Interconnect) cards, they connect desktop and mobile computing devices wirelessly to all network resources. The NIC scans the available frequency spectrum for connectivity and associates with an access point or another wireless client. It is coupled to the PC/workstation operating system using a software driver. The NIC enables new employees to be connected instantly to the network and enables Internet access in conference rooms.
Types of Wireless LANs
• Peer-to-peer: An ad-hoc network, also called a WiFi Direct network, is a network where stations communicate only peer to peer (P2P). There is no base station and no one gives permission to talk. This is accomplished using the Independent Basic Service Set (IBSS).
• Bridge: A bridge can be used to connect networks, typically of different types. A wireless Ethernet bridge allows the connection of devices on a wired Ethernet network to a wireless network. The bridge acts as the connection point to the Wireless LAN.
The Current State of WLAN Security
Even after a decade of availability and promising commercial successes, security remains the number one concern for enterprise WLAN deployments [2]. According to Joanie Wexler’s 2007 WLAN State-of-the-Market report, just over half (53%) of the global respondents identified security issues as their primary concern. The good news is that this is a significant decrease from the 2006 study, where over 70% of respondents were concerned about WLAN security. Is the anxiety over WLAN security fact or fiction, perception or reality? And what recent developments account for the growing comfort with WLAN security?
The WLAN Security Policy
It is important that organizations develop, educate and enforce an enterprise-wide WLAN security policy. The policy should outline a framework for the development of installation, protection, management, and usage procedures. A WLAN security policy must be flexible in terms of the technologies it can support. WLANs enable access by laptops, PDAs, smart phones and more, each with different features, capabilities and security requirements. This diverse set of clients cannot be secured with a “one size fits all” policy. In addition, most WLANs are designed with end-user mobility and productivity in mind. The challenge for IT staff is to develop security options that support end-user requirements. Finally, WLAN security policies must integrate with the organization’s wired network security scheme to ensure seamless protection across the organization. While WLANs present unique security challenges, security is still dependent on controlling who has access to specific information.
Conclusion
The general idea of WLAN was to provide a wireless network infrastructure comparable to the wired Ethernet networks in use. It has since evolved, and is still evolving very rapidly, towards offering fast connection capabilities within larger areas. However, this extension of physical boundaries gives expanded access to both authorized and unauthorized users, which makes it inherently less secure than wired networks.
WLAN vulnerabilities are mainly caused by the use of WEP as the security protocol. However, these problems can be solved with the new standards, such as 802.11i, which is planned to be released later this year. For the time being, WLAN users can protect their networks by applying the actions suggested in this paper, chosen according to cost and the level of security that they want.
However, there will be no complete fix for the existing vulnerabilities. All in all, the very best way to secure WLAN is to have the security knowledge, proper implementation, and continued maintenance.