238    Chapter 4 • Communication Security: Wireless

             Summary


             Wireless LANs are attractive to many companies and home users because of the
             increased productivity that results from the convenience and flexibility of being
             able to connect to the network without using wires.WLANs are especially attrac-
             tive as they can reduce the cost of having to install cabling to support users on the
             network. For these and other reasons,WLANs have become very popular in the
             past few years. However,WLAN technology has often been implemented poorly
             and without due consideration being given to the security of the network. For the
             most part, these poor implementations result from a lack of understanding of the
             nature of wireless networks and the measures that can be taken to secure them.
                 WLANs are inherently insecure because of their very nature: they radiate radio
             signals containing network traffic that can be viewed and potentially compromised
             by anyone within range of the signal.With the proper antennas, the range of
             WLANs is much greater than is commonly assumed. Many administrators wrongly
             believe that their networks are secure because the interference created by walls and
             other physical obstructions combined with the relative low power of wireless
             devices will contain the wireless signal sufficiently. Often, this is not the case.
                 There are a number of different types of wireless networks that can be poten-
             tially deployed including HomeRF, Bluetooth, 802.11b, and 802.11a.The most
             common type of WLAN used today is based on the IEEE 802.11b standard.
                 The 802.11b standard defines the operation of WLANs in the 2.4 to 2.4835
             GHz unlicensed ISM band. 802.11b devices use direct sequence spread spectrum
             (DSSS) to achieve transmission rates of up to 11 Mbps.All 802.11b devices are
             half-duplex devices, which means that a device cannot send and receive at the same
             time. In this, they are like hubs and therefore require mechanisms for contending
             with collisions when multiple stations are transmitting at the same time.To contend
             with collisions, wireless networks use CSMA/CA.
                 The 802.11a and forthcoming 802.11g standards define the operation of wire-
             less networks with higher transmission rates. 802.11a devices are not compatible
             with 802.11b because they use frequencies in the 5 GHz band. Furthermore, unlike
             802.11b networks, they do not use DSSS. 802.11g uses the same ISM frequencies
             as 802.11b and is backward-compatible with 802.11b devices.
                 The 802.11 standard defines the 40-bit WEP protocol as an optional compo-
             nent to protect wireless networks from eavesdropping.WEP is implemented in the
             MAC sublayer of the data link layer (layer 2) of the OSI model.
                 WEP is insecure for a number of reasons.The first is that, because it encrypts
             well-known and deterministic IP traffic in layer 3, it is vulnerable to plaintext



          www.syngress.com