Objective 5.5
Plan Security for Wireless Networks
Wireless networking has existed for many years, but it is only recently, with the publication of the 802.11 series of standards by the Institute of Electrical and Electronics Engineers (IEEE), that wireless local area networking (WLAN) technologies have become mainstream products. The 802.11b standard defines a WLAN technology running at speeds up to 11 megabits per second (Mbps). This was the first affordable wireless standard to provide performance comparable to that of a cabled LAN. The 802.11a and 802.11g standards provide wireless networking at greater speeds, up to 54 Mbps.

WLANs can use two topologies: ad hoc and infrastructure. An ad hoc topology consists of two or more computers equipped with wireless network interface adapters that communicate directly with each other. An infrastructure topology consists of wireless computers that communicate with an access point, which provides a connection to a standard cabled network. An access point is a WLAN transceiver that is also attached to the cabled network, using a standard Ethernet (or other data-link layer protocol) connection. Wireless systems in an infrastructure topology can communicate with each other, but they do so through the access point; they cannot communicate directly.

Because WLAN network interface adapters and access points transmit their network packets using radio signals, they present a significant natural security risk. WLAN signals are omnidirectional, extending to the specified range of the equipment. Any compatible device within transmission range can therefore transmit and receive the WLAN signals, enabling an unauthorized user to connect to the network or capture the packets transmitted by other users, compromising the data inside. Depending on the range of your equipment and where you locate your access points, unauthorized users might even be able to access your WLAN from outside the building, unless you take steps to protect the network.

To provide security for a wireless network, you must first create an environment in which users are authenticated and authorized before they are able to send data to and receive it from an access point. Authentication and authorization prevent unknown users from connecting to the wireless network, but they do not prevent eavesdroppers from capturing the data packets transmitted by wireless systems. To protect the data from eavesdroppers, you must configure the wireless devices to encrypt all the data they transmit. The most commonly used security mechanisms on WLANs are the following: