With no physical boundary, how can wireless networks be secure? Can they be locked down sufficiently to please security-conscious users? Because the initial wireless security standard was fundamentally flawed, the answer is complicated. In this chapter, I explain the security issues inherent in the 802.11 family and the various ways you can secure a wireless network.
Before we start discussing the gory details of Wi-Fi LAN security, let me make one thing clear: Wired Equivalent Privacy (WEP), the security protocol used by most 802.11 networks at the time of this writing, is fundamentally flawed. Though I talk about WEP in much more detail later in this chapter, here is a quick rundown of WEP’s flaws:
All users in a wireless network share the same secret key. (And a secret key is no longer a secret if more than one person knows it.)
The implementation of WEP makes it very susceptible to attack. It is not a matter of whether it can be cracked, but of how soon. The flaws in WEP have been demonstrated both in theory and in practice.
Although WEP has its flaws, it’s worth using to discourage unauthorized users from connecting to your access point. If you need stronger security, you have to rely on other techniques to provide it. In the first part of this chapter, I assume that you are connected to a wireless network (with or without WEP), and that you want to securely access the network resources (including something as simple as surfing the Web or reading your email). The list that follows describes three ways to make your wireless communications more secure.
A VPN allows you to remotely access a private network as though you were connected to it physically. Moreover, the entire communication channel is protected by encryption. So if you are connected to a VPN server wirelessly, the packets transmitted between your computer and the access point are encrypted by the VPN connection, which is much more secure than using WEP.
SSH lets you initiate a shell session (similar to Telnet) or exchange files with a remote server, with the information exchanges all encrypted. When not using a VPN, SSH is an excellent option for securely connecting to another computer.
If you connect to public networks where your fellow users are unknown and untrusted, a good firewall can provide some degree of security. Windows XP includes basic firewall capabilities; third-party firewall applications with more features are also available.
After this, I go into the details of Wi-Fi security and the various technologies that are in use (or have been proposed) for securing wireless networks.