Wireless Operational Security

This chapter deals with topics crucial to WLAN security that deserve special attention. Each has a useful and unique approach to WLAN security and merits coverage in this text. The subjects in this chapter are unrelated to each other, or to other categories, which is why they are covered as "additional" security solutions. Included herein are discussions about intrusion detection systems, thin client network models, using DHCP for authentication, network traffic baselining, Kerberos, RADIUS, LDAP, and some emerging standards; each of these technologies offers additional layers of security to WLANs.
Intrusion Detection Systems (IDSs) have been a critical security component of wired networks for a number of years. They are beginning to appear in the wireless security software marketplace, designed specifically with the distinct requirements of wireless networks in mind. An IDS inspects inbound and outbound traffic and, through the use of built-in rule sets, identifies suspicious activity that could be the result of a hacker trying to break into a network. Firewalls are also used for this purpose, but the two differ: a firewall monitors for intrusions in order to stop them from occurring, whereas an IDS evaluates a suspected intrusion once it has taken place and signals an alarm. Both the firewall and IDS security packages may be configured to monitor internal network traffic for anomalies and attacks originating from within the system.
Wired network IDS products are designed as a solution for wired networks, and as such,...