Wireless LAN – WLAN
BAT54-Rail/F.. Release 7.54 06/08
3.2 Development of WLAN security
The WLAN standards WPA and 802.11i are currently restoring the reputation of WLAN security, which has recently come under attack. The methods incorporated into the original standard proved insufficient in practice. This shortcoming led, on the one hand, to a series of proprietary extensions of the standard, such as "CKIP" from Cisco or "KeyGuard" from Symbol Technologies, and, on the other hand, to solutions that provide the required security on higher protocol layers with tools such as PPTP or IPSec. All of these methods are quite functional, but they introduce limitations, for instance with regard to interoperability or data transmission rates.
In the 802.11i standard, released in summer 2004, the IEEE committee redefined the topic of "WLAN and security" from the ground up. The result is a set of standardized methods that enable the construction of secure, manufacturer-independent WLANs in line with current standards.
On the way from the original WEP of the 802.11 standard to 802.11i, a whole series of concepts arose that have tended to increase confusion and uncertainty among users. This chapter is intended to help explain the concepts and the methods used, in chronological order of their development.
3.2.1 Some basic concepts
Even though one constantly hears the blanket term "security" when talking about computer networks, it is still important for the following discussion to differentiate a little more closely between the requirements it actually entails.
Authentication
The first point in security is access security:
- This involves a protective mechanism that allows only authorized users to access the network.
- On the other hand, it must also be ensured that the client is connected to exactly the desired access point, and not to some other access point with the same name that has been smuggled in by a nefarious third party. Such authentication can be provided, for example, using certificates or passwords.
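
The two directions of authentication described above can be shown with a password-based challenge-response. This is an added illustration, not code from this manual and not the WPA or 802.11i handshake; the SSID, the secrets and all function and class names are constructed for the example.

```python
import hashlib
import hmac
import secrets

def proof(secret: bytes, role: bytes, ssid: bytes, n_client: bytes, n_ap: bytes) -> bytes:
    """HMAC over role, SSID and both nonces; only a holder of the secret can compute it."""
    return hmac.new(secret, b"|".join([role, ssid, n_client, n_ap]), hashlib.sha256).digest()

class AccessPoint:
    def __init__(self, ssid: bytes, secret: bytes):
        self.ssid, self.secret = ssid, secret

    def respond(self, n_client: bytes):
        """Answer the client's nonce with a fresh nonce and a proof of the secret."""
        self.n_client, self.n_ap = n_client, secrets.token_bytes(16)
        return self.n_ap, proof(self.secret, b"ap", self.ssid, n_client, self.n_ap)

    def admit(self, client_proof: bytes) -> bool:
        """Access security: admit only a client that proves knowledge of the secret."""
        expected = proof(self.secret, b"client", self.ssid, self.n_client, self.n_ap)
        return hmac.compare_digest(client_proof, expected)

def associate(ssid: bytes, client_secret: bytes, ap: AccessPoint) -> str:
    """Run the exchange from the client's side and report the outcome."""
    n_client = secrets.token_bytes(16)
    n_ap, ap_proof = ap.respond(n_client)
    # The client verifies the access point first and sends nothing derived
    # from its secret to an access point that failed the check.
    expected = proof(client_secret, b"ap", ssid, n_client, n_ap)
    if not hmac.compare_digest(ap_proof, expected):
        return "rejected: access point not authentic"
    client_proof = proof(client_secret, b"client", ssid, n_client, n_ap)
    return "connected" if ap.admit(client_proof) else "rejected: client not authorized"

# Constructed sample values (assumptions for this example only)
SSID = b"plant-floor"
SECRET = hashlib.sha256(b"constructed example passphrase").digest()
genuine = AccessPoint(SSID, SECRET)
# Same network name, but operated by someone who does not know the secret
same_name = AccessPoint(SSID, hashlib.sha256(b"guess").digest())

if __name__ == "__main__":
    print(associate(SSID, SECRET, genuine))
    print(associate(SSID, SECRET, same_name))
    n = secrets.token_bytes(16)
    n_ap, _ = genuine.respond(n)
    # A client without the secret cannot produce a proof the access point accepts
    print(genuine.admit(proof(b"wrong", b"client", SSID, n, n_ap)))
```

The network name plays no part in the decision: the access point with the same name fails because it cannot compute the proof, which is the check the second list item asks for.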