How to Make Wireless Networks Secure
by Michele Lewington - Managing Director of Network Utilities (Systems) Ltd - Wednesday, 26 March 2003
In addition to the security problems this method introduced, it also didn't scale well. The MAC address for each user must be stored on each AP on the wireless LAN, creating a cumbersome management scenario and increasing the possibility of security breaches due to administrative oversight.

Data privacy was provided by a sub-protocol called Wired Equivalent Privacy, or WEP, intended to provide the same level of security found in a wired LAN. As it turned out, first-generation implementations of WEP did not provide this level of security. In fact, numerous published reports, the latest prepared by AT&T, demonstrated convincingly that WEP was easily cracked, seriously breaching the privacy of any wireless data transmission.

The 802.1X Solution

802.1X is a next-generation draft of IEEE WLAN specifications and protocols written to address the security and management pitfalls of 802.11b. The 802.1X protocol provides sub-protocols and methods for better protecting authentication and data transmission, including:

An authentication process - such as a RADIUS server or access point-based authentication - to manage WLAN user authentication, connection attributes, and other matters related to setting up and securing the WLAN connection. While the 802.1X protocol does not recommend one authentication process over another, the market has overwhelmingly adopted RADIUS as the preferred authentication process on WLANs for several compelling reasons:
  • With RADIUS, authentication is user-based rather than device-based, so, for example, a stolen laptop does not necessarily imply a serious security breach.
  • RADIUS eliminates the need to store and manage authentication data on every AP on the WLAN, making security considerably easier to manage and scale.
  • RADIUS has already been widely deployed for other types of authentication on the network
Extensible Authentication Protocol (EAP), and EAPoL (EAP over LAN) - EAPoL is the transport protocol used to negotiate the WLAN user's secure connection to the network. Security is handled by vendor-developed "EAP authentication types", which may protect credentials, data privacy, or both.

