Computerworld - Benefits of WLAN
Wireless LANs offer two things central to the adoption of communications technologies: reach and economy. Scalable end-user reach is gained without stringing wires, and the users themselves often feel empowered by their unfettered Internet access. In addition, IT managers find the technology a means to possibly stretch scarce budgets.
However, without stringent security to protect network assets, a WLAN implementation could offer a false economy. With Wired Equivalent Privacy (WEP), the old 802.1x WLAN security feature, networks could be easily compromised. This lack of security caused many to realize that WLANs could cause more problems than they were worth.
Overcoming the inadequacies of WEP
WEP, a data privacy encryption for WLANs defined in 802.11b, didn't live up to its name. Its use of rarely changed, static client keys for access control made WEP cryptographically weak. Cryptographic attacks allowed attackers to view all data passed to and from the access point.
WEP's weaknesses include the following:
- Static keys that are rarely changed by users.
- A weak implementation of the RC4 algorithm is used.
- An Initial Vector sequence is too short and "wraps around" in a short time, resulting in repeated keys.
Solving the WEP problem
Today WLANs are maturing and producing security innovations and standards that will be used across all networking mediums for years to come. They have learned to harness flexibility, creating solutions that can be quickly modified if weaknesses are found. An example of this is the addition of 802.1x authentication to the WLAN security toolbox. It has provided a method to protect the network behind the access point from intruders as well as provide for dynamic keys and strengthen WLAN encryption.
802.1X is flexible because it's based on Extensible Authentication Protocol. EAP (IETF RFC 2284) is a highly pliable standard. 802.1x encompasses the range of EAP authentication methods, including MD5, TLS, TTLS, LEAP, PEAP, SecurID, SIM and AKA.
More advanced EAP types such as TLS, TTLS, LEAP and PEAP provide mutual authentication, which limits man-in-the-middle threats by authenticating the server to the client, in addition to just the client to the server. Furthermore, these EAP methods result in keying material, which can be used to generate dynamic WEP keys.
The tunneled methods of EAP-TTLS and EAP-PEAP actually provide mutual authentication to other methods that utilize the familiar user ID/password methods, i.e. EAP-MD5, EAP-MSCHAP V2, in order to authenticate the client to the server. This method of authentication occurs through a secure TLS encryption tunnel that borrows techniques from the time-tested secure Web connections (HTTPS) used in online credit card transactions. In the case of EAP-TTLS, legacy authentication
- Assessing ROI for Mobile Acceleration Clients This EMA® paper examines the business case for deploying mobile WAN optimization client software and builds a ROI model based on the experiences...
- The Apple-ization of the Enterprise: Understanding IT's New World Read this paper for how to tackle Apple-ization (and the related consumerization of IT and Bring Your Own Device/BYOD).
- A Practical Introduction to Enterprise Mobility Management Read the white paper to better understand the basic concepts within mobility management and to learn how you can apply EMM technology to...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the... All Mobile/Wireless White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!