The benefits of wireless networks are driving the explosive
growth of the WLAN market. While security has been the single largest
concern for wireless network deployment in the corporate setting,
strong security solutions are available to make wireless networks
as secure as wired networks.
Wi-Fi Protected Access (WPA) overcomes the inherent flaws
of early wireless networks. WPA's use of TKIP at the physical layer,
together with 802.1X security for user authentication, creates the basis for
strong wireless network security. WPA is capable of preventing most
sophisticated attacks on wireless networks, and there are no known
tools available to crack this level of wireless security.
It's best to take a layered approach to wireless security.
WPA, which combines physical layer security (TKIP)
with 802.1X user authentication, offers a pragmatic, economical security mechanism
that meets the requirements of most corporate environments. For environments
that require more robust security, such as triple DES encryption,
VPN tunnels can be layered on top of 802.1X security for a more
comprehensive solution.
This approach offers a pragmatic solution to wireless security
and can resolve the single largest barrier to WLAN deployment for
IT managers. A cost-effective solution using 802.1X security can
be deployed to deny access to any user without the proper credentials,
and provide strong security for wireless networks.
Five Rules for WLAN Security
1. Activate Physical Layer Security. While WEP has its weaknesses, TKIP, specified
as part of WPA, provides a base level of security. When combined
with 802.1X (see rule 3) it provides a very strong level of security.
2. Don't Broadcast or Use Default SSIDs. By changing the default SSID and
configuring the access point not to broadcast the SSID, the most
common sniffing tools can be rendered useless.
3. Use 802.1X User Authentication. When
access points are configured to support 802.1X, users are not allowed
on the network without proper credentials (user name/password or
certificates). Once authenticated, the client and access point are
provided with unique, random session keys to encrypt the data transfers.
4. Implement Personal Firewalls. Even
if a hacker is able to associate with an access point, the personal firewall
will prevent them from accessing files on a user device on the same
WLAN.
5. Use VPNs Where Triple DES Encryption is Required. Specific environments like government
and financial industries require 3DES security for all network transmissions.
In these environments, VPNs should be used on top of 802.1X security.
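The access-point rules above (1 to 3) can be checked mechanically. The following is an added example, not part of the original text: it audits an access-point configuration against those three rules, assuming the access point uses hostapd-style option names (hostapd is not mentioned in the original); the SSID values, the default-SSID list and both sample configurations are constructed for illustration.

```python
# Added example: audit an AP config against rules 1-3 of the list above.
# Assumption: hostapd-style key=value options (wpa, wpa_pairwise, ieee8021x, ...).
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}  # illustrative

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (rule_number, finding) for every rule the config violates."""
    c = parse_conf(text)
    findings = []
    # Rule 1: WPA enabled with a pairwise cipher (TKIP per the text; CCMP also accepted).
    if c.get("wpa", "0") == "0" or not set(c.get("wpa_pairwise", "").split()) & {"TKIP", "CCMP"}:
        findings.append((1, "WPA with TKIP is not enabled"))
    # Rule 2: SSID must be changed from the default and not broadcast.
    ssid = c.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append((2, "SSID is empty or a vendor default"))
    if c.get("ignore_broadcast_ssid", "0") == "0":
        findings.append((2, "SSID is broadcast"))
    # Rule 3: 802.1X must be on, with EAP (not a pre-shared key) as key management.
    if c.get("ieee8021x", "0") != "1" or "WPA-EAP" not in c.get("wpa_key_mgmt", "").split():
        findings.append((3, "802.1X user authentication is not enforced"))
    return findings

# Constructed sample configurations.
WEAK = "ssid=linksys\nignore_broadcast_ssid=0\nauth_algs=1\n"
HARDENED = """\
ssid=corp-wlan-7f
ignore_broadcast_ssid=1
wpa=1
wpa_pairwise=TKIP
wpa_key_mgmt=WPA-EAP
ieee8021x=1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "passes rules 1-3")
```

Rules 4 and 5 concern client firewalls and VPNs, which are configured outside the access point and are not covered by this check.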