What Is Wireless Security (O'ReillyNet) [LWN.net]

O'ReillyNet looks at security in wireless networks. "Network security in a wireless LAN environment is a unique challenge. Whereas wired networks send electrical signals or pulses through cables, wireless signals propagate through the air. Because of this, it is much easier to intercept wireless signals. This extra level of security complexity adds to the challenges network administrators already face with traditional wired networks. There are a number of extremely serious risks and dangers if wireless networks are left open and exposed to the outside world. This article covers the types of attacks wireless networks encounter, preventive measures to reduce the chance of attack, guidelines administrators can follow to protect their company's wireless LAN, and an excellent supply of online resources for setting up a secure wireless network."

to post comments

Speed and security

Posted Mar 31, 2006 20:11 UTC (Fri) by rvfh (guest, #31018) [Link] (2 responses)

Well, 802.11g maybe 54 Mbit/s link, but it would be more instructive to talk about payload rate, which will only reach 25 Mbit/s if you are very lucky, 20 Mbit/s being quite honorable already.

802.11b was about 6 Mbit/s with a good card, so we're closer to a 4 times ratio in reality.

The other thing that striked me was the absence of the words WPA and Radius. The best security seems to be achieved using WPA and a Radius server such as FreeRADIUS, WPA-PSK being the less difficult (no Radius server) version of it

Did I miss the point?

Speed and security

Posted Mar 31, 2006 21:12 UTC (Fri) by stefon (guest, #27441) [Link] (1 responses)

you are right...
i think that a summary about wireless security HAS to mention WPA, cause WEP is not secure and WPA is the next technology step.

802.11x overcomes the failings of 802.11x!

Posted Apr 1, 2006 0:33 UTC (Sat) by proski (guest, #104) [Link]

Indeed, very uninformed article. On the first page we read:

The IEEE 802.11x protocol provides a different approach to security and security management that overcomes the failings of 802.11x Wired Equivalent Privacy (WEP).

What does it mean? 802.11x overcomes the failings of 802.11x? For the clue, let's see the second page:

IEEE 802.11x is an IEEE standard for "port-based network access control."

Aha! The author appears to be deeply confused. That thing is called 802.1X, not "802.11x".

How about the "cut and paste protocol"? How about "research before post" protocol? Are they failing too?

What Is Wireless Security (O'ReillyNet)

Posted Apr 1, 2006 4:46 UTC (Sat) by shemminger (subscriber, #5739) [Link]

This article covers all the weak security stuff that is useless. Hidden SSid,
authenticated sessions. Wep attacks are not covered and WPA isn't even mentioned. Where was the editor?

What Is Wireless Security (O'ReillyNet)

Posted Apr 1, 2006 5:50 UTC (Sat) by jd (guest, #26381) [Link]

As others have noted the 802.1x blunder, I won't point that out. (Oops! Too late! :) However, there are many other forms of security which deserve a mention. IPSec, for example, or SK/IP. (Yes, Sun dropped that protocol, but it was designed for unreliable networks and wireless definitely counts as one.)

The article also assumes mobile workstations operating around a single basestation. This is fairly common but far from universal - any large corporation with physical warehousing is likely to have multiple basestations within the warehouse. Depending on setup, this may mean they are using Mobile IP.

That, of course, is only one case. As city-wide wireless networks are becoming increasingly common, there will be a greater demand for Mobile IP support for common, everyday wireless devices. Mobile IP is a major headache for security, as you have to be able to migrate entire active connections (and back-propagate routing changes) whenever a device moves from one access point to another. You have to have extremely sophisticated authentication to be able to do that fast enough to avoid breaking any of the active connections.

So far, I know of no actual mobile network (NEMO) installation - although it seems reasonable that if/when aircraft support wireless connections, they would use something along those lines. There may be other scenarios where they are useful. Regardless, you still have to keep them secure and the needs are INFINITELY greater when you start talking about upstream (therefore probably high-speed) routers, with router traffic in addition to regular user data streams, migrating between wireless access points.

NONE of this is covered in the article. The last part (NEMO) I can forgive. It's too rare. Mobile IP is less forgivable, as it is an area too few people understand how to secure, but where the right level of security is vital. The error with 802.1x and the lack of IPSec are totally unforgivable, as those are the only standards regarded as trustable.

What Is Wireless Security (O'ReillyNet)

Posted Apr 2, 2006 7:38 UTC (Sun) by neilbrown (subscriber, #359) [Link]

After reading all those comments, I haven't even bothered looking at the article, but I do wonder: is there a *good* article on wireless security somewhere?

If not, it seems that LWN's readership has the expertise to write one. Could someone volunteer? Or maybe there needs to be a wiki.lwn.net so that informed readers can colaborate on a really good article, under the editorial oversight of our friend Mr Corbet.....

Just a random idea.

What Is Wireless Security (O'ReillyNet)

Posted Apr 2, 2006 19:37 UTC (Sun) by cthulhu (guest, #4776) [Link] (1 responses)

Yep, article is totally lame. 802.11g is not a "new" standard, it was ratified almost 3 years ago. Nowadays, everybody's talking about the "Pre-N" stuff and MIMO.

Also, the security you want now is WPA2, definitely not WEP. WPA isn't bad, but WPA2 is better. WPA uses TKIP, which is a way of using all those WEP RC4 engines built in to the chipsets at the time. WPA2 uses AES, but also supports TKIP for backward compatibility.

Then you have the "Enterprise" and "Personal" versions of each of these. Personal simply means the equipment supports pre-shared keys (ie, you type them in yourself), while Enterprise means that, plus support for RADIUS and 802.1x stuff - obviously very important for large deployments.

Best place to find info about Wi-Fi security is here: http://www.wi-fi.org/knowledge_center/security/

Full disclosure: my company's a member of Wi-Fi and I go to all the meetings. Also, I'm not a security expert, except by comparison with the information in the article!

What Is Wireless Security (O'ReillyNet)

Posted Apr 7, 2006 20:19 UTC (Fri) by job (guest, #670) [Link]

It is best to avoid all kinds of wire-level security. It's simply a bad idea. If you need authenticated wireless sessions, just go with IPsec instead. It'll probably save your laptop battery as a bonus.