Basic WLAN Security Technologies
First generation wireless security

Security was not a big concern for early WLANs. The equipment was proprietary, expensive, and hard to find. Many WLANs used the Service Set Identifier (SSID) as a basic form of security . Some WLANs controlled access by entering the media access control (MAC) address of each client into the wireless access points. Neither option was secure, since wireless sniffing could reveal both valid MAC addresses and the SSID.

The SSID is a 1 to 32-character American Standard Code for Information Interchange (ASCII) string that can be entered on the clients and access points, as shown in Figure . Most access points have options like "SSID broadcast" and "Allow any SSID". These features are usually enabled by default and make it easy to set up a wireless network. The "Allow any SSID" option permits the access point to allow access to a client with a blank SSID. The "SSID broadcast" sends beacon packets that advertise the SSID. Disabling these two options does not secure the network, since a wireless sniffer can easily capture a valid SSID from normal WLAN traffic. SSIDs should not be considered a security feature.

MAC based authentication is not specified in the 802.11 specifications. However, many vendors have implemented MAC based authentication. Most vendors simply require each access point to have a list of valid MAC addresses. Some vendors also allow the access point to query a list of MAC addresses on a centralized server.

Controlling wireless network access by using MAC addresses is tedious. Accurate inventory must be kept and users must quickly report lost or stolen equipment. MAC addresses are not a real security mechanism, since all MAC addresses are unencrypted when transmitted. An attacker would only need to capture a valid MAC address to be able to access the network. In certain cases, MAC address authentication can supplement security features, but this should never be the primary method of providing wireless security.