Michéle Germain ComXper, France Alexis Ferrero RTL, France Jouni Karvo TKK, Finland
Copyright © 2008, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
intrOductiOn
The ease of deploying wireless local area network (WLAN) systems and the abundance of afford- able IEEE 802.11 WLAN-based products on the market makes the idea of a wireless office luring. Offices using laptops as workstations can benefit from the ease of bringing a laptop to the meeting and preserving network connectivity. The WLAN connectivity can also be used for salesmen and executives who are on a tour to communicate with
the office when residing within hot-spot areas. This ease and flexibility comes with a price–wireless local area networks are inherently insecure when compared to the wired networks.
There are various applications of wireless networks. The first of them is the hot spot, which provides in a public (or private) place, an open radio infrastructure that allows everyone to get an Internet connection or to join the Intranet of his enterprise. A second application is the enterprise WLAN, which completes or replaces a legacy
AbstrAct
Using WLAN networks in enterprises has become a popular method for providing connectivity. We present the security threats of WLAN networks, and the basic mechanisms for protecting the network. We also give some advice on avoiding the threats.
Wireless Local Area Network Security
wired network. This has also place in the SoHo or domestic environment for sharing an ADSL connection between several users. WLAN pro- vide also nice network possibility in areas where cabling is impossible or restricted. A last case is the constitution of wireless bridges between nets or subnets.
Such wireless networks present specific vul- nerabilities due to the radio media and are subject to specific threats from the hackers. The object of this paper is to identify them and to explain how to avoid them.
The WLAN connections are based on a ra- dio connection in unlicensed 2.4 or 5GHz radio band, depending of the WLAN type. The radio waves broadcast, and most antennae of a typical WLAN equipment are not designed to produce directed radio beams, but they transmit freely to all directions. Thus, in addition to the intended receiver, any other receiver that is close enough can receive the signal. This is fundamentally dif- ferent from the wired networks, such as Ethernet, where in order to listen to the traffic, one needs to get physical access to the networking equipment, or at least cabling.
The transmission for typical WLAN equip- ment ranges up to the order of 50 m. Even if the range is short, low-level signal can be received at a longer distances, of even some kilometres, using illicit antennae and high sensitivity receiv- ers. Walls, ceilings and other such constructions reduce the transmission ranges significantly–de- pending on the materials that are on the radio signal’s way.
Thus, there are several concerns on the ac- cessibility of the radio signal. First, the signal may easily be heard outside the premises of the office. Second, the guests visiting the offices are often able to carry in a laptop, thus being able to listen and even connect to the company’s network without being suspicious, unless the network is properly protected.
The security of WLAN is a major concern of Network Administrators, on the one hand because
multiple (true or false) weaknesses have been reported and amplified by the papers and on the other hand because it is a new technology with multiple new aspects to take in consideration. From the network administrator’s point of view, it is not conceivable to deploy a radio network in complement of his existing network if it introduces vulnerability. To avoid this, standardisation bod- ies and forums, in particular the IEEE, as well as manufacturers, have worked to develop security mechanisms well suited to this kind of networks. This chapter describes the security features of IEEE 802.11 wireless local area networks, and shows their weaknesses. We present the associated threats with some practical defence strategies.
scope
This chapter deals with wireless LAN’s built on wired infrastructures that support one or more radio bases, so-named “access points” (AP). The
infrastructure may also support fixed stations.
Mobile stations take service from the access points (see Figure 1).
The following is mainly for Wi-Fi technology based on the 801.11 standard of the IEEE, which is presently the most commonly used one. Other technologies will be mentioned later. Wi-Fi is
an interoperability label for 802.11 equipment, delivered by the Wi-Fi Alliance (previously WECA).
Ad-hoc networks that operate without any kind of infrastructure and in which routing is performed by the mobile stations (that act both as routers and as terminals) are not taken into consideration here.
bAckgrOund
IEEE 802.11 wireless LAN networks come in
many varieties. The original standard, IEEE
802.11 from 1997 specifies data rates of 1 to 2 megabits per second and has radio and infrared
Wireless Local Area Network Security
connectivity as options. The standard includes authentication and association procedures, and support for privacy. Several standard versions have since emerged, each pushing the limits in data rates (11Mbps for 802.11b, 54 Mbps for 802.11a and 802.11g, all using radio transmission for communications) or new features for QoS (802.11e), network management (802.11h) or se- curity features (802.11i). In common parlance, all the different versions are just called IEEE 802.11 wireless local area network.
There are also other local area network tech- nologies, such as the ETSI HiperLAN, but the IEEE 802.11 WLAN products have an overwhelm- ing market position, and is a de-facto standard. The WLAN network equipment is common and cheap, and while the cellular networks have also security holes that can be misused, the abundance of available radio equipment for WLAN networks makes them much more vulnerable to attacks.
There can be different objectives for securing a company’s WLAN network, such as:
• Preventing unauthorized use. For example, preventing sending mass e-mail from the company’s network or preventing attempts
to attack other institution’s computer infra- structure from the company’s network. • Protecting the company’s sensitive infor-
mation. For example, protecting industrial property rights, tender documents, etc. Each of these objectives may require different priorities for security measures.