Basic WLAN Security Technologies
Authentication and association

Open Authentication and Shared Key Authentication are the two methods that the 802.11 standard defines for clients to connect to an access point . The association process can be broken down into three elements known as probe, authentication, and association. This section will explain both authentication methods and the steps the client undergoes during the process. Network EAP will be discussed in the enterprise WLAN security section.

Open Authentication
The Open Authentication method performs the entire authentication process in clear text. This is shown in Figure . Open Authentication is basically a null authentication, which means there is no verification of the user or machine. Open Authentication is usually tied to a WEP key. A client can associate to the access point with an incorrect WEP key or even no WEP key. A client with the wrong WEP key will be unable to send or receive data, since the packet payload will be encrypted. Keep in mind that the header is not encrypted by WEP. Only the payload or data is encrypted.

Shared Key Authentication
Shared Key Authentication works similarly to Open Authentication, except that it uses WEP encryption for one step. Shared key requires the client and the access point to have the same WEP key. An access point using Shared Key Authentication sends a challenge text packet to the client, as shown in Figure . If the client has the wrong key or no key, it will fail this portion of the authentication process. The client will not be allowed to associate to the AP. Shared key is vulnerable to a man-in-the-middle attack, so it is not recommended.

Interoperability
On most access points, including Cisco, it is possible to use Open Authentication with or without a WEP key. For basic interoperability requiring WEP, a Cisco Access point will be set up using Open Authentication. Data Encryption is set to Required, and TKIP, MIC, and BKR are all disabled.


Lab Activity

Lab Exercise: Wireless Attacks and Countermeasures

In this lab, students will gain an understanding of the primary hacking methods used to bypass conventional security measures on WLANs. Additionally, students will learn the countermeasures that can be implemented for security on a WLAN.

Interactive Media Activity

Interactive Activity: IEEE 802.11 Authentication and Association

This interactive animation demonstrates how wireless authentication works.