
108    Chapter 3 • Communication Security: Remote Access and Messaging

             802.1x


             In Chapter 4, users will become familiar with wireless local area networks
             (WLANs) and the Institute of Electrical and Electronics Engineers (IEEE) 802.11
             standard for wireless networking. It is so simple to implement wireless networking
             technology that most novice users can install it themselves. What most novice users
             do not realize is that as soon as they transmit their first piece of data across their
             new network, they have opened up a can of worms!


                Head of the Class…
                The Dangers of a Wide-Open WLAN

                I worked as an Information Technology (IT) manager of a company based
                in a large building that housed many cutting-edge startups and burgeoning
                entrepreneurs. While doing a routine check of available wireless
                networks, I noticed one I had never seen before and, once connected to
                it, found that I had access to two computers. Both computers were
                sharing their hard drives with no security and I was quickly able to figure
                out what company they belonged to. After talking to their IT staff, I
                learned that an executive had deployed a wireless access point so he
                could share information with his assistant easily. This executive had been
                working on (and sharing to the whole world!) the new technology that
                would be the differentiator between that company and their competitors.
                The message is: know your network, know what is attached to it,
                and make sure you have security measures in place to protect it.

                 This is where the varied 802.1 standard enters. In 1999, the Wired Equivalent
             Privacy (WEP) protocol was established to enhance the level of security offered on
             a WLAN. Due to a variety of weaknesses (see the section below on vulnerabilities),
             WEP was deemed insufficient to protect confidential data in a modern organization.
             As such, in April 2003, the Wi-Fi Alliance introduced an interoperable security
             protocol known as Wi-Fi Protected Access (WPA), based on draft 3 of the IEEE
             802.11i standard.
                 WPA was meant to be a replacement for WEP such that any network could
             move to the standard without the extra expense of additional or replacement hard-
             ware. Herein lay the only real weakness in the new standard, which was understood
             from the start: the algorithm used in WPA (Michael) was made as strong as possible
             while maintaining a level of usability on legacy adapters. As such, the design of
             WPA fell short of what was already an achievable level of security in 2003 when it
             was released. Still, it was a solid source of security, boasting cryptographic support
             from the Temporal Key Integrity Protocol (TKIP) based on the RC4 cipher, which



          www.syngress.com