336 Words. Plan about 2 minute(s) to read this.
Since your data is naked in the air for anyone with an antenna to see, security is particularly important in a wireless LAN.
Wired Equivalent Privacy (WEP)
- WEP uses a common key to encrypt and decrypt data frames.
- There is no means to distribute keys, other than manually. Thus, WEP keys rarely get changed.
- Many tools are available to crack WEP keys (if they can gather enough data frames), therefore rendering the protocol insufficient for enterprise security.
Temporal Key Integrity Protocol (TKIP)
- TKIP was defined in 802.11i.
- TKIP uses a 128-bit “temporal key” everyone shares.
- The temporal key is combined with the client’s MAC address, plus a 16-octet intialization vector to create the key used to encrypt the date. Every station, therefore, uses a unique key to encrypt the date.
- TKIP uses the RC4 cipher for the encryption, as does WEP. Remember that TKIP will change the keys periodically however, taking away the predictable nature of WEP encrypted frames.
Advanced Encryption Standard (AES)
- 802.11i also defines AES as a stronger alternative to WEP or TKIP.
- AES is growing in popularity as the successor to DES.
Wi-Fi Protected Access (WPA)
- WPA is what 802.11i TKIP looked like before being standardized.
- WPA2 was subsequently released, and includes AES.
Open System Authentication
- The default method of a radio card authenticating to an AP.
- No particular security here.
Shared Key Authentication
- This is a step beyond open authentication, using WEP.
- Authentication request sent by the card.
- The AP responds with an authentication frame that has a challenge, the challenge being a string of unencrypted text.
- The card encrypts the challenge with the WEP key and sends it back to the AP.
- The AP decrypts the returned challenge with the common WEP key. If the challenge text decrypts as expected, the AP believes that the radio card is using the right WEP key and allows it to associate.
Virtual Private Networks
- Often, a VPN is used as a layer of security to protect data in unprotected or loosely protected wireless environments.