Nilesh.org Notes on technology and everything else

That's a difficult question.

• The 802.11b standard uses what is called as Wired Equivalent Privacy. In this, a secret key is shared between the client and the access point. The issue is that the encryption key length is only 40-bit which is way below decent levels . This has lead to crackers roaming around searching for wireless netowrks waiting to be cracked. They do war-walking, war-riding, war-driving and war-chalking to identify open WLANs.
• Also, given the commonness of equipment available for the 2.4Ghz band (on which 802.11b operates) like microwaves, cordless phones, etc. , a cracker hardly needs time to jam the band with junk signals.
• DHCP servers happily lend out ip addresses to all people even before verifying if the user is valid.

There are some people like NASA who have a work around for the WEP problem using OpenBSD ;) but then everyone is not that smart. So, the IEEE guys have now thought long term and belted out a couple of security standards for Wi-Fi (802.11b and 802.11a now jointly fall in the Wi-Fi specification) namely the 802.1x standard. This standard provides a framework for authentication (EAP), access control and key management. Couple this with central AAA servers for authentication and access control, you get somewhat secure system. Additionally the 802.11a standard supports upto 54Mbps transfer rates. This means that one can use IPSEC for point to point communication without worrying too much about network performance. Wireless VPNs alongwith the 802.1x standard can help reach a reasonable level of security. Some points I thought of that are useful while implementing a WLAN:

• Use 802.11a. Dump 802.11b 802.11a with better transfer rates, low noise band(5Ghz) and better modulation is the better choice.
• Implement mutual authentication mechanisms. e.g. 802.1x security standard.
• Use a Radius server to authenticate the user even before he tries to send a packet on the wirless network. yes, this is possible using 802.1x (with EAP)
• After proper authentication, the client is assigned an ip address. The access point, which he is closest to, also gets a list of what the client should and what it should not access on the network, basically the access control policy as applicable to the client.
• Use fixed ip addresses for clients. Enable mac address binding on the access point.
• Put up firewalls on the interfaces between WLANs and the mainline wired network.
• Put up IDSs on access points which are critical.
• Use VPNs. They provide excellent security for critical data communication.

Some Pointers:

• Security of the WEP algorithm
• Wireless LAN Security FAQ
• 802.11 Alphabet Soup
• Guarding Against WLAN Security Threats
• Minimizing WLAN Security Threats
• Airsnort FAQ
• Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
• NetStumbler
• 802.11g: The Next Best Thing or the Next Last Thing
• 802.11a/b Site Survey: A Testimonial