A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite

from Cisco Systems Inc.

1. Introduction
Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs have become more prevalent. Today, wireless LANs are widely deployed in places such as corporate office conference rooms, industrial warehouses, Internet-ready classrooms, and even coffeehouses. These IEEE 802.11-based wireless LANs present new challenges for network administrators and information security administrators alike. Unlike the relative simplicity of wired Ethernet deployments, 802.11-based wireless LANs broadcast radio-frequency (RF) data for the client stations to hear.

This presents new and complex security issues that involve augmenting the 802.11 standard. Security in the IEEE 802.11 specification—which applies to 802.11b, 802.11a, and 802.11g—has come under intense scrutiny. Researchers have exposed several vulnerabilities in the authentication, data-privacy, and message-integrity mechanisms defined in the specification. This white paper:

  • Reviews the authentication and data-privacy functions described in Clause 8 of the IEEE 802.11 specification
  • Describes the inherent security vulnerabilities and management issues of these functions
  • Explains how security issues can be addressed effectively only by augmenting the 802.11 security standard
  • Examines Cisco Systems architecture for enhanced security on wireless LANs—including the Cisco Wireless Security Suite
  • Looks ahead to long-term security enhancements

2. 802.11 Authentication and Its Weaknesses
Wireless LANs, because of their broadcast nature, require the addition of:

  • User authentication to prevent unauthorized access to network resources
  • Data privacy to protect the integrity and privacy of transmitted data

The 802.11 specification stipulates two mechanisms for authenticating wireless LAN clients: open authentication and shared key authentication. Two other mechanisms—the Service Set Identifier (SSID) and authentication by client Media Access Control (MAC) address—are also commonly used. This section explains each approach and its weaknesses.

The use of Wired Equivalent Privacy (WEP) keys can function as a type of access control because a client that lacks the correct WEP key cannot send data to or receive data from an access point. WEP, the encryption scheme adopted by the IEEE 802.11 committee, provides encryption with 40 bits or 104 bits of key strength. A subsequent section of this paper discusses WEP and its weaknesses in greater detail.

2.1. Service Set Identifier
The SSID is a construct that allows logical separation of wireless LANs. In general, a client must be configured with the appropriate SSID to gain access to the wireless LAN. The SSID does not provide any data-privacy functions, nor does it truly authenticate the client to the access point.

2.2. 802.11 Station Authentication
Authentication in the 802.11 specification is based on authenticating a wireless station or device instead of authenticating a user. The specification provides for two modes of authentication: open authentication and shared key authentication.

The 802.11 client authentication process consists of the following transactions:

  1. Client broadcasts a probe request frame on every channel
  2. Access points within range respond with a probe response frame
  3. The client decides which access point (AP) is the best for access and sends an authentication request
  4. The access point will send an authentication reply
  5. Upon successful authentication, the client will send an association request frame to the access point
  6. The access point will reply with an association response
  7. The client is now able to pass traffic to the access point
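
The seven-step exchange above, followed frame by frame, as an added example that is not part of the original white paper: it decodes the 802.11 management frames involved and reports which state a client reaches and which authentication algorithm was negotiated. The MAC addresses and frames are constructed sample data, and the helper names (`mgmt_frame`, `parse`, `track`) are hypothetical; the final sequence number of 4 for shared key reflects that mode's four-frame exchange.

```python
import struct

# Management-frame subtypes (frame control type 0) seen in the exchange above.
SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp", 11: "auth"}
AUTH_ALGS = {0: "open", 1: "shared-key"}   # Authentication Algorithm Number field
FINAL_SEQ = {"open": 2, "shared-key": 4}   # transaction number of the AP's last auth frame

def mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Build a constructed 24-byte management header plus body (no FCS)."""
    fc = struct.pack("<H", subtype << 4)   # version 0, type 0 = management
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

def parse(frame):
    """Decode the fields needed to follow authentication and association."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # too short or not management
        return None
    subtype = (frame[0] >> 4) & 0xF
    info = {"kind": SUBTYPES.get(subtype, "other"), "dst": frame[4:10], "status": None}
    if subtype == 11 and len(frame) >= 30:   # algorithm, transaction seq, status
        alg, seq, status = struct.unpack_from("<HHH", frame, 24)
        info.update(alg=AUTH_ALGS.get(alg, "other"), seq=seq, status=status)
    elif subtype == 1 and len(frame) >= 30:  # capability, status, association ID
        info["status"] = struct.unpack_from("<HHH", frame, 24)[1]
    return info

def track(frames, client):
    """Return (state, auth_algorithm) reached by `client` after the frames."""
    state, alg = "unauthenticated", None
    for p in filter(None, map(parse, frames)):
        if p["dst"] != client or p["status"] != 0:
            continue                         # only successful replies to the client
        if p["kind"] == "auth" and p["seq"] == FINAL_SEQ.get(p["alg"]):
            state, alg = "authenticated", p["alg"]
        elif p["kind"] == "assoc-resp" and state == "authenticated":
            state = "associated"
    return state, alg

# Constructed sample: one client completing steps 1-7 with open authentication.
CLIENT, AP, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa"), b"\xff" * 6
SAMPLE = [
    mgmt_frame(4, BCAST, CLIENT, BCAST),                              # 1 probe request
    mgmt_frame(5, CLIENT, AP, AP),                                    # 2 probe response
    mgmt_frame(11, AP, CLIENT, AP, struct.pack("<HHH", 0, 1, 0)),     # 3 auth request
    mgmt_frame(11, CLIENT, AP, AP, struct.pack("<HHH", 0, 2, 0)),     # 4 auth reply
    mgmt_frame(0, AP, CLIENT, AP, struct.pack("<HH", 0x0001, 10)),    # 5 assoc request
    mgmt_frame(1, CLIENT, AP, AP, struct.pack("<HHH", 0x0001, 0, 0xC001)),  # 6 assoc response
]
```

Calling `track(SAMPLE, CLIENT)` returns the state after step 6; the addresses tracked are station MAC addresses, which matches the section's point that 802.11 authenticates a device rather than a user.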
