Security was not a big concern for early WLANs. The equipment was
proprietary, expensive, and hard to find. Many WLANs used the Service Set
Identifier (SSID) as a basic form of security. Some WLANs
controlled access by entering the media access control (MAC) address of each
client into the wireless access points. Neither option was secure, since
wireless sniffing could reveal both valid MAC addresses and the SSID.

The SSID is a 1 to 32-character American Standard Code for Information
Interchange (ASCII) string that can be entered on the clients and access
points, as shown in Figure. Most
access points have options like "SSID broadcast" and "Allow any
SSID". These features are usually enabled by default and make it easy to
set up a wireless network. The "Allow any SSID" option permits the
access point to allow access to a client with a blank SSID. The "SSID
broadcast" option sends beacon packets that advertise the SSID. Disabling these
two options does not secure the network, since a wireless sniffer can easily
capture a valid SSID from normal WLAN traffic. SSIDs should not be considered a
security feature.

MAC-based authentication is not specified in the
802.11 specifications. However, many vendors have implemented MAC-based
authentication. Most vendors simply require each access point to have a list of
valid MAC addresses. Some vendors also allow the access point to query a list
of MAC addresses on a centralized server.

Controlling wireless network
access by using MAC addresses is tedious. Accurate inventory must be kept and
users must quickly report lost or stolen equipment. MAC addresses are not a
real security mechanism, since all MAC addresses are unencrypted when
transmitted. An attacker would only need to capture a valid MAC address to be
able to access the network. In certain cases, MAC address authentication can
supplement security features, but this should never be the primary method of
providing wireless security.
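
The following added example (not part of the original text) illustrates both the SSID and the MAC address points above: it parses 802.11 management frames and shows that the transmitter MAC and the SSID sit in unencrypted fields, even when the beacon hides the SSID. The frames, MAC addresses, SSID "corp-wlan" and all function names are constructed for illustration.

```python
# Bytes of fixed fields before the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return (subtype name, transmitter MAC, SSID or None); None if not handled."""
    if len(frame) < 24:                      # management header is 24 bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    pos, ssid = 24 + FIXED_LEN[subtype], None
    while pos + 2 <= len(frame):             # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:              # truncated element: stop parsing
            break
        if tag == 0:                         # element ID 0 is the SSID
            ssid = value.decode("ascii", "replace")
            break
        pos += 2 + length
    return NAMES[subtype], fmt_mac(frame[10:16]), ssid

def cleartext_exposure(frames):
    """Collect the SSIDs and transmitter MACs readable without any key."""
    ssids, macs = set(), set()
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed:
            _, mac, ssid = parsed
            macs.add(mac)
            if ssid and ssid.strip("\x00"):  # hidden SSIDs are empty or NUL-filled
                ssids.add(ssid)
    return ssids, macs

def build(subtype, dst, src, bssid, ssid):
    """Construct a sample frame: header, zeroed fixed fields, SSID, rates element."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

# Constructed sample data (locally administered MACs, made-up SSID).
AP, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BEACON = build(8, b"\xff" * 6, AP, AP, b"")           # "SSID broadcast" disabled
ASSOC = build(0, AP, CLIENT, AP, b"corp-wlan")        # client joining the WLAN

if __name__ == "__main__":
    print(parse_mgmt(BEACON), parse_mgmt(ASSOC), cleartext_exposure([BEACON, ASSOC]))
```

The beacon yields an empty SSID, but the association request from the client carries the real one, which is why disabling SSID broadcast hides nothing from anyone within radio range.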