Memo on Trip Report for the Lecture or Presentation

¶ … attended a lecture on wireless LAN security that outlined security threats and discussed measures a company needs to take to mitigate risks. The presentation focused on the IEEE 802.11b standard for port-based network access control that provides authenticated and somewhat encrypted network access to 802.11 wireless networks. The findings of the lecture indicated that this standard is still too immature to adequately secure wireless networks.

IEEE 802.11b deploys Wireless Equivalent Privacy for encrypting wireless traffic, which is basically insecure with its current implementation of static keys. A firmware upgrade known as Temporary Key Integrity Protocol has been introduced to offer better encryption by using fast-packet rekeying to change encryption keys frequently. However, security may still be compromised even though it may be harder to do so since there is less traffic with identical keys. The 802.11b standard requires the use of the Remote Authentication Dial-In User Service server for authentication and uses Extensible Authentication Protocol and Transport Layer Security data communication protocols to prevent man-in-the-middle attacks that attempt to bypass authentication. But, the most serious security threat is password theft. Handheld devices do not offer adequate password security and these devices are frequently lost or stolen.

Companies will need to do two things to supplement the security of 802.11b. First, they need to use either a VPN or hardware aggregation devices for encryption. Small wireless LANs can take advantage of VPNs that offer IPsec or PPTP encryption. A wireless LAN client transmits encrypted data through the access point to a VPN concentrator that decrypts the data and passes it onto the wired network. This approach is too expensive and complicated for larger wireless LANs. Hardware aggregation devices scale better than VPNs and interoperate with more wireless equipment. These devices sit between wireless LAN access points and the rest of the wired network to provide a secure gateway for accessing internal resources. Secondly, companies must experiment with biometrics to overcome password theft. Biometrics technology allows identification through fingerprint reading, face recognition, and voice authentication.