ABSTRACT

The rapid deployment of wireless LANs is testimony to the inherent benefits of this technology. Unfortunately, most wireless deployments are, at this time, fundamentally insecure. This chapter provides an overview of security issues, explains how security works in Wi-Fi networks, and explores various security and authentication protocols. The chapter starts with coverage of the basic elements of IEEE 802.11. It describes the types of messages that are exchanged and explains how a portable device can find, select, and connect to an access point (AP). This chapter contains a moderate amount of detail to highlight some of the security risks between Wi-Fi components. We will see how the Wi-Fi LAN fits into a stack of layers between the operating system and the wireless medium. The security mechanisms are tied up with the process of making connections and passing data. This chapter also outlines why Wi-Fi networks are vulnerable to attacks and what type of attackers one might encounter. By understanding the motivations and resources of attackers, an efficient security policy can be established. After introducing the overall message exchange between the components, the chapter digs deeply and laboriously into the security protocols for Wi-Fi. It describes the original Wi-Fi security approach, Wired Equivalent Privacy (WEP), and explains why this method is no longer considered secure. It then covers the new approaches of Wi-Fi Protected Access (WPA) and 802.11i Robust Security Networks (RSNs), both of which are scalable from small networks of a few devices up to international corporations. This part also describes several methods that can be used in conjunction with RSN and WPA Wi-Fi networks. It introduces some of the protocols that are central to the new security solutions, starting with access control, which is built around the IEEE 802.1X standard. This section also looks at the upper-level authentication protocols, covering the way that Transport Layer Security and Kerberos V5 work and how they can be applied to Wi-Fi security.