
What are some recent developments in WLAN security?

Wireless LANs have been plagued by security problems ever since Fluhrer, Mantin and Shamir published their paper illustrating how wireless security could be broken. I would like to ask about the problems with WLAN security at a general level, and what developments are taking place to remove them?
WLAN security has been radically improved since the FMS attack against Wired Equivalent Privacy (WEP) was documented in 2001.

A pre-standard replacement for WEP, Wi-Fi Protected Access (WPA), has been available since 2003 and you won't find any new Wi-Fi products today without WPA. The 802.11i enhanced security standard was finalized last summer; products with those improvements (branded WPA2) have been commercially available since September 2004. WPA and WPA2 data encryption cannot be cracked using FMS or other WEP cracking techniques. WPA/WPA2 also cryptographically protect against data insertion and replay, so that forged data frames can be detected and discarded. The cipher used by WPA2 -- the Advanced Encryption Standard -- is more efficient than the older WPA. WPA was a transitional step so that WEP products could be upgraded with firmware, but hardware shipping today is generally capable of supporting WPA2.

Data protection is only one part of wireless security. Preventing network access by unauthorized stations is crucial, and WEP did a poor job of that too. To fix this, WPA and WPA2 support two authentication options: Pre-Shared Keys (PSKs) for home use, or 802.1X for enterprise use. Short, simple PSKs are vulnerable to dictionary attacks, so anyone using WPA-PSK (or WPA2-PSK) should choose PSKs that are at least 20 characters long and hard to guess. Most businesses should use 802.1X instead to authenticate individual users with enterprise-grade credentials (e.g., SecurID tokens, SIM cards, digital certificates). 802.1X is an open-ended framework for controlling access to LAN ports (in this case, wireless APs). Work continues to define new Extensible Authentication Protocol (EAP) types that support different kinds of user credentials. To learn more, visit Bernard Aboba's 802.11 security page.
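As an added illustration of the PSK advice above (example code, not part of the original answer): 802.11i turns a passphrase and the SSID into the 256-bit PSK with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations), so every dictionary guess costs only 4096 HMACs and the passphrase is the sole source of strength. The policy checker and the small word list are constructed for this example; the 20-character minimum is the answer's own recommendation.

```python
import hashlib
import math
import string

# 802.11i Annex H: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 256 bits)
PBKDF2_ITERATIONS = 4096
PSK_LEN = 32
MIN_PASSPHRASE_LEN = 20  # recommendation from the answer above

# Constructed, deliberately tiny word list standing in for a real dictionary.
COMMON_WORDS = {"password", "12345678", "qwertyui", "wireless", "linksys"}

CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte WPA/WPA2 PSK an AP or supplicant derives."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PSK_LEN,
    )


def character_classes(passphrase: str) -> set:
    """Names of the character classes the passphrase actually uses."""
    return {name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in passphrase)}


def estimate_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy: len * log2(size of alphabet used)."""
    alphabet = sum(len(CHARACTER_CLASSES[n]) for n in character_classes(passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def check_passphrase(passphrase: str) -> list:
    """Policy findings for a candidate PSK passphrase; empty means acceptable."""
    findings = []
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(f"only {len(passphrase)} characters; use at least {MIN_PASSPHRASE_LEN}")
    if passphrase.lower() in COMMON_WORDS:
        findings.append("appears in a common-word list")
    if len(character_classes(passphrase)) < 2:
        findings.append("uses a single character class")
    return findings
```

The `"password"` / `"IEEE"` pair reproduces the published 802.11i test vector, so the derivation can be checked against a real supplicant's output.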

802.11 data protection, access control and authentication have been completely overhauled, but 802.11 remains vulnerable to denial of service attacks. 802.11 and other radio technologies suffer from the simple fact that you can't stop other devices from listening to or emitting RF energy. Data can be obscured with encryption, but attackers can still capture frames, learn about your WLAN (like the MAC addresses used by your APs and stations), and then transmit forged management or control frames to disrupt service. Unlike data frames, 802.11 management and control frames are not cryptographically protected, so attackers can (for example) flood the air with deauthenticates to kick users off the WLAN and keep them off.

Even if this loophole were closed, attackers could still "jam" radio channels with non-802.11 transmissions, interfering with other uses of that shared medium. Radio networks using licensed spectrum -- like cellular networks -- rely on laws and frequency ownership to discourage this behavior. But the unlicensed spectrum occupied by 802.11, Bluetooth, etc., is a "free for all" zone. You don't have to get permission to install a WLAN in your home or business, but neither does your neighbor or the guy sitting out in the parking lot. So denial of service is probably a security issue that's here to stay.

On the other hand, many product innovations are being made in WLAN monitoring and radio management. These improvements do not rely on standards, per se, but enhance security by improving visibility into attacks and interference, and by reacting in real time to circumvent problems. For example, many WLAN switches now manage channel assignments and power outputs, moving an AP from a crowded channel to a less congested channel. Many wireless intrusion detection products now provide intrusion prevention features that automatically "block" rogue devices to stop them from penetrating your wired network via wireless. These and other management/monitoring techniques will become increasingly important as WLANs mature, going well beyond basic link security to create robust business networks.

This was last published in September 2005
