Computerworld - Benefits of WLAN
Wireless LANs offer two things central to the adoption of communications technologies: reach and economy. Scalable end-user reach is gained without stringing wires, and the users themselves often feel empowered by their unfettered Internet access. In addition, IT managers find the technology a means to possibly stretch scarce budgets.
However, without stringent security to protect network assets, a WLAN implementation could offer a false economy. With Wired Equivalent Privacy (WEP), the old 802.1x WLAN security feature, networks could be easily compromised. This lack of security caused many to realize that WLANs could cause more problems than they were worth.
Overcoming the inadequacies of WEP
WEP, a data privacy encryption for WLANs defined in 802.11b, didn't live up to its name. Its use of rarely changed, static client keys for access control made WEP cryptographically weak. Cryptographic attacks allowed attackers to view all data passed to and from the access point.
WEP's weaknesses include the following:
- Static keys that are rarely changed by users.
- A weak implementation of the RC4 algorithm is used.
- An Initial Vector sequence is too short and "wraps around" in a short time, resulting in repeated keys.
Solving the WEP problem
Today WLANs are maturing and producing security innovations and standards that will be used across all networking mediums for years to come. They have learned to harness flexibility, creating solutions that can be quickly modified if weaknesses are found. An example of this is the addition of 802.1x authentication to the WLAN security toolbox. It has provided a method to protect the network behind the access point from intruders as well as provide for dynamic keys and strengthen WLAN encryption.
802.1X is flexible because it's based on Extensible Authentication Protocol. EAP (IETF RFC 2284) is a highly pliable standard. 802.1x encompasses the range of EAP authentication methods, including MD5, TLS, TTLS, LEAP, PEAP, SecurID, SIM and AKA.
More advanced EAP types such as TLS, TTLS, LEAP and PEAP provide mutual authentication, which limits man-in-the-middle threats by authenticating the server to the client, in addition to just the client to the server. Furthermore, these EAP methods result in keying material, which can be used to generate dynamic WEP keys.
The tunneled methods of EAP-TTLS and EAP-PEAP actually provide mutual authentication to other methods that utilize the familiar user ID/password methods, i.e. EAP-MD5, EAP-MSCHAP V2, in order to authenticate the client to the server. This method of authentication occurs through a secure TLS encryption tunnel that borrows techniques from the time-tested secure Web connections (HTTPS) used in online credit card transactions. In the case of EAP-TTLS, legacy authentication
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- How Four Citrix Customers Solved the Enterprise Mobility Challenge Managing mobile devices, data and all types of apps-Windows, datacenter, web and native mobile- through a single solution.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- AIIM Trendscape: The New Mobile Reality This AIIM Trendscape report shares data, expert opinions, and a unique perspective on the impact of cloud and mobility in the enterprise, surfacing...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- Why do you need an enterprise mobile platform? Today companies must offer great apps that run on a range of devices, and connect to an exploding set of backend data. Appcelerator... All Mobile/Wireless White Papers | Webcasts