Securing 802.11 wireless LANs
Wireless LANs often propagate data to areas outside the physical control of an
organization. Radio waves penetrate building walls and can be received in the office
next door, a facility's parking lot, and possibly a couple blocks away. Do you worry
that someone could retrieve your company's sensitive information by lurking nearby with
a PC equipped with the wireless network interface card your organization uses?
Relax -- it's not that easy.
An IEEE 802.11 wireless station will not process data over the wireless network
unless its network ID, also called a Basic Service Set Identification, is the same as
other stations on the network. Sent in every 802.11 data packet, the network ID is a
six-byte code word that distinguishes one wireless LAN from another. Access points
check the network ID when each station initiates a connection to the network. If the ID
doesn't match the one stored in the access point, then the station cannot establish a
connection to the wireless LAN. Thus, an intruder must obtain the network ID necessary
to join the network. This should be difficult, assuming you keep the network ID codes
With the correct network ID, someone could configure a portable computer with an
appropriate radio card and gain access to your wireless LAN. The trespasser shouldn't
get very far, however, if your servers and applications require a username and
password. Always invoke security mechanisms when giving users access to sensitive
applications and data.
You can provide another level of security by using 802.11's Wireless Equivalent
Privacy (WEP) protocol. Most
wireless LAN vendors offer WEP as an option for their
standard radio cards and access points.
One WEP feature, shared key authentication, ensures that only authorized stations
can access the wireless LAN. Shared key authentication operates as follows:
- A station requesting 802.11 service sends an authentication frame to another
- When a station receives an initial authentication frame, the station replies with
an authentication frame containing 128 octets of challenge text.
- The requesting station copies the challenge text into an authentication frame,
encrypts it with a shared key using the WEP service, and sends the frame to the
- The receiving station decrypts the challenge text using the same shared key and
compares it to the challenge text sent earlier. If they match, the receiving station
replies with an authentication acknowledgement. If not, the station sends a negative
Another way to compromise a wireless LAN is to use specialized equipment to capture
information bits being sent over the air, decode them, and read the contents of email,
files, or financial transactions. This doesn't necessarily require the network ID
because the monitoring equipment doesn't need to establish a connection to the wireless
LAN. The equipment passively listens to the transmissions as they propagate through the
air. However, this process does require the proper monitoring equipment to correctly
demodulate the received spread spectrum signal.
This security problem also exists with wired Ethernet networks, but to a lesser
degree. Current flow through the wires emits electromagnetic waves that can be received
with sensitive listening equipment. This method necessitates a much closer proximity to
the cable to receive the signal, so the intruder must generally be within the physical
boundaries of the company.
To avoid this problem on the wireless LAN, use WEP to encrypt transmissions between
stations to avoid disclosure to eavesdroppers. WEP uses the href="http://www.ncat.edu/~grogans/algorithm_history_and_descriptio.htm">RC4 encryption
engine and a 40-bit key. Stations can also utilize WEP without authentication
services, but I recommend implementing both WEP and authentication to minimize your
vulnerability to packet snooping.
Stay tuned. Next time we'll discuss the wireless middleware that is critical for
maintaining reliable communications over a wireless network.