Overview

Countless surveys of enterprise users have shown that the biggest concern regarding the use of wireless LANs is security. Access to the wired LAN can be secured by posting a security guard at the front door, and assuming that anyone who is in the building is authorized to have network access. In actuality, the focus on wireless security alerted many organizations to the vulnerabilities that existed in their wired systems. Unescorted visitors can easily connect laptops to wired Ethernet ports, and a simple USB thumb drive can provide a mechanism to pilfer gigabytes of sensitive information from an unattended PC. However, the free-space propagation of radio signals in a wireless LAN changes the exposure dramatically, as a hacker can now access the network while sitting in a car in the parking lot. A directional antenna could allow him or her to monitor WLAN transmissions from over a mile away. The limited security features of the original 802.11 wireless LANs brought this issue to the forefront.

The badly flawed security features provided in the original Wired Equivalent Privacy (WEP) created an exposure to both eavesdropping and unauthorized network access. A further security exposure came from users implementing their own wireless LANs by simply connecting an unauthorized (and unsecured) rogue access point to their wired Ethernet connection. Those users failed to realize that the WLAN signals did not stop when they got to the outside wall, but continued well into the parking lot and to the street beyond. Rogue access points...