WAN Security, A Brief Look
One of the biggest problems of wireless networks is security. War driving is a term used in the old days of hacking when a person would continually dial phone numbers until he eventually dialed the number of a computer system and would then try to hack into it using various methods. Today, the term is commonly used to describe hackers who roam around with a laptop and an 802.11b/g NIC trying to find WLANs to break into. Most WLAN solutions support some form of security features; however, it is surprising how many SOHO companies and home users don't implement these features, allowing someone who is driving by to get free Internet access or, worse, opening up their network to other forms of attack. The following sections discuss some common threats WLANs face and security solutions you can implement to mitigate these threats.
A good WLAN security solution should provide for the following:
■ Encryption: Protect data transmitted between the edge WLAN device and the access point, providing privacy and confidentiality
■ Authentication: Control who is allowed to access LANs behind the WLAN
■ Intrusion prevention system (IPS): Protect the network by detecting and preventing network and unauthorized access attacks
SSID and MAC Address Filtering
When implementing SSIDs, the AP and client must use the same SSID value to authenticate. By default, the access point broadcasts the SSID value, advertising its presence and basically allowing anyone access to the AP. Originally, to prevent rogue devices from accessing the AP, the administrator would turn off the SSID broadcast function on the AP, commonly called SSID cloaking. To allow a client to learn the SSID value of the AP, the client would send a null string value in the SSID field of the 802.11 frame and the AP would respond. Of course, this defeats the security measure, since a rogue device could repeat the same query process and learn the SSID value.
Therefore, the APs were commonly configured to filter traffic based on MAC addresses. The administrator would configure a list of MAC addresses in a security table on the AP, listing those devices allowed access. The problem with this solution is that MAC addresses can be seen in clear text over the airwaves. A rogue device can easily sniff the airwaves, see the valid MAC addresses, and change its MAC address to match one of the valid ones. This is called MAC address spoofing.
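Because a MAC filter cannot tell a spoofed address from the real one, detection has to rely on something the second transmitter does not share. The following is an added example, not part of the original page: it flags a MAC address whose 802.11 sequence numbers (a 12-bit counter each transmitter increments on its own) interleave in a way one radio would not produce. The function names, thresholds and sample records are constructed assumptions.

```python
SEQ_MOD = 4096  # 802.11 sequence numbers are 12 bits and wrap at 4096


def seq_gap(prev, cur):
    """Forward distance from prev to cur, allowing for wrap-around."""
    return (cur - prev) % SEQ_MOD


def find_spoof_suspects(frames, max_gap=64, min_anomalies=3):
    """Return {mac: anomaly_count} for MACs whose sequence numbers jump
    more than lost frames or retransmissions would explain.

    frames: iterable of (timestamp_s, source_mac, seq_num) as a monitoring
    sensor might log them (hypothetical record layout).
    """
    last_seq = {}
    anomalies = {}
    for _ts, mac, seq in sorted(frames):
        mac = mac.lower()
        if mac in last_seq:
            gap = seq_gap(last_seq[mac], seq)
            # gap 0 is a retransmission; a small gap is frames the sensor
            # missed; a large gap (including any backward jump) is not
            # what a single counter produces.
            if gap > max_gap:
                anomalies[mac] = anomalies.get(mac, 0) + 1
        last_seq[mac] = seq
    # One jump can be a station resetting its counter after a reboot,
    # so require several before reporting.
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


# Constructed sample: the first MAC is one station wrapping past 4095 with
# one lost frame; the second MAC is shared by two transmitters.
SAMPLE = [
    (0.00, "02:00:00:00:00:01", 4093), (0.01, "02:00:00:00:00:01", 4094),
    (0.02, "02:00:00:00:00:01", 4095), (0.03, "02:00:00:00:00:01", 0),
    (0.04, "02:00:00:00:00:01", 2),
    (0.10, "02:00:00:00:00:02", 100), (0.11, "02:00:00:00:00:02", 3000),
    (0.12, "02:00:00:00:00:02", 101), (0.13, "02:00:00:00:00:02", 3001),
    (0.14, "02:00:00:00:00:02", 102), (0.15, "02:00:00:00:00:02", 3002),
]

if __name__ == "__main__":
    for mac, count in find_spoof_suspects(SAMPLE).items():
        print(f"possible MAC spoofing: {mac} ({count} sequence anomalies)")
```

Stations sending QoS data keep a separate counter per traffic class, so a detector used on real captures would track those streams separately before applying this check.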