Security in the IEEE 802.11 specification – which applies to 802.11b,
802.11a, and 802.11g – has come under intense scrutiny. Researchers have
exposed several vulnerabilities in the authentication, data-privacy, and
message-integrity mechanisms defined in the specification. As wireless networks
grow, the threat of intruders from the inside and outside is great. Attackers
called "war drivers" are continually driving around searching for
insecure WLANs to exploit.

The IEEE enhanced Wired Equivalent Privacy
(WEP) with the Temporal Key Integrity Protocol (TKIP) and provides robust
authentication options with 802.1x to make 802.11-based wireless LANs secure.
At the same time, the IEEE is looking for stronger encryption mechanisms. The
IEEE has adopted the Advanced Encryption Standard (AES) for the
data-privacy section of the proposed 802.11i standard.

In addition to 802.1x, Cisco supports the use of Layer 3 IP Security (IPSec)
based VPNs over
802.3 wired LANs and 802.11 WLANs, using Cisco VPN termination devices and VPN
client software installed on wireless devices. This is vital to provide
cost-effective enterprise access from public spaces such as hotels and
airports.

Wireless security weaknesses and mitigation techniques will be
covered in depth later in the course. A wireless designer and support
specialist must be able to securely deploy a wireless network. Network security
should always be implemented based on a sound security policy.