LAN IN THE SKY
Security in WLANs
A WLAN transmits data over the air using radio waves and
it can be received by any WLAN client in the area served by
the data transmitter. Since radio waves travel through ceilings,
floors, and walls, transmitted data may reach unintended recipients
on different floors and even outside the building of the transmitter.
Installing a WLAN may seem like putting Ethernet ports everywhere,
including your parking lot. Data privacy is a genuine concern
with WLANs because there is no way to direct a WLAN transmission
to only one recipient.
The IEEE 802.11b standard defines two mechanisms for providing
access control and privacy on WLANs. They are SSIDs (Service
Set IDentifiers) and WEP (Wired Equivalent Privacy). Another
mechanism to ensure privacy through encryption is to use a
VPN (Virtual Private Network). However, the use of a VPN is
independent of any native WLAN security scheme.
SSID - An SSID is a naming handle that provides a rudimentary
level of access control. An SSID is a common network name
for the devices in a WLAN subsystem. It logically segments
the subsystem and the access point is usually set to broadcast
its SSID in its beacons. The use of the SSID as a handle to
permit/deny access may be unsafe because typically the SSID
is not well secured.
WEP - The IEEE 802.11b standard stipulates an optional encryption
scheme called WEP. It offers a mechanism for securing WLAN
data streams. WEP uses a symmetric scheme where the same key
and algorithm are used for both encryption and decryption
of data. WEP can carry out access control and ensure privacy.
It performs access control by preventing unauthorized users,
who lack a correct WEP key, from gaining access to the network.
It ensures privacy because it protects WLAN data streams by
encrypting them and allowing decryption only by users with
the correct WEP keys.
Support for WEP with 40-bit encryption keys is a requirement
for Wi-Fi (Wireless Fidelity) certification by WECA (Wireless
Ethernet Compatibility Alliance). Some vendors implement the
computationally intense activities of encryption and decryption
in software, while others use hardware accelerators to minimize
the performance degradation of encrypting and decrypting data
streams.
Authentication
A client cannot participate in a WLAN until it is authenticated.
The IEEE 802.11b standard defines two authentication
methods: open and shared key. The authentication method
must be set on each client, and the setting should match that
of the access point with which the client wants to associate.
With open authentication, which is the default, the entire authentication
process is done in clear-text, and a client can associate
with an access point even without supplying the correct WEP
key. With shared key authentication, the access point sends
the client a challenge text packet that the client must encrypt
with the correct WEP key and return to the access point. If
the client has the wrong key or no key, it will fail authentication
and will not be allowed to associate with the access point.
Some WLAN vendors support authentication based on the physical
address, or MAC address of a client. An access point will
allow association by a client only if that client's MAC address
matches an address in an authentication table used by the
access point.
WLAN considerations
Now that you plan to implement a WLAN solution in your enterprise,
here are some aspects to consider before making the buying
decision.
Range and coverage: The distance over which RF and
IR waves can communicate depends on the transmission power
and receiving capabilities of the transceiver. It also depends
on the path to be taken for the data. Interactions with typical
building objects like walls, metal, and even people, can affect
how energy propagates. This limits the range and coverage
of a particular system.
Throughput: Throughput is affected by the number of
users, range, the type of WLAN system used, latency and bottlenecks
on the wired portions of the LAN. Data rates for the most
widespread commercial WLANs are in the 1.6 Mbps range. Users
of traditional Ethernet or Token Ring LANs generally notice
only a minor difference in performance when using a WLAN.
You may note that state-of-the-art V.90 modems transmit and
receive at optimal data rates of 56.6 Kbps. In terms of throughput,
a WLAN operating at 1.6 Mbps is almost thirty times faster.
Integrity and reliability: While radio interference
can cause degradation in throughput, such interference is
rare in the workplace. A well-designed WLAN can provide data
integrity performance equal to or better than wired networking.
Compatibility with the existing network: Most WLANs
provide industry standard interconnection with wired networks
that use Ethernet or Token Ring. WLAN nodes are supported
by NOSs with the help of appropriate drivers just like any
other LAN node. Once installed, the network treats wireless
nodes like any other network component.
Interoperability of wireless devices: WLAN systems
from different vendors may not be interoperable. This is due
to three reasons. First, different technologies will not interoperate.
Second, systems using different frequency bands will not interoperate
even if they both employ the same technology. Third, systems
from different vendors may not interoperate even if they both
employ the same technology and the same frequency band, due
to differences in implementation by each vendor. To solve
incompatibility issues you can look for Wi-Fi certified products.
WECA is an organization behind Wi-Fi that certifies products
meeting the 802.11b specification through compatibility testing.
Interference and coexistence: Products which transmit
energy in the same frequency spectrum can potentially cause
some interference. Another concern is the co-location
of multiple WLANs. While WLANs from some manufacturers may
face signal interference, others coexist without interference.
Licensing issues: WLANs are typically designed to operate
in portions of the radio spectrum where government regulatory
bodies do not require the end-user to purchase a license to
use the airwaves. Look for a WLAN manufacturer who is certified
by the appropriate agency.
Security: Since your data travels in the air, security
provisions are typically built into WLANs. This makes WLANs
more secure than many wired LANs. It is extremely difficult
for unintended receivers to listen in on WLAN traffic. Complex
encryption techniques make it impossible for all but the most
sophisticated to gain unauthorized access to network traffic.
Cost: A WLAN implementation includes infrastructure
costs for the wireless access points and user costs for WLAN
adapters. The cost of installing and maintaining a WLAN is
generally lower than the cost of installing and maintaining
a traditional wired LAN. A WLAN eliminates the direct costs
of cabling and the labor associated with installing and repairing
it.
Scalability: Wireless networks can be designed to be
extremely simple or quite complex. Wireless networks can support
large numbers of nodes and physical area by adding access
points to boost or extend coverage.
Safety: The output power of WLAN systems is much less
than that of a cellular phone. Even then WLANs must meet stringent
government and industry regulations for safety from radiation.
However, no adverse health effects have ever been attributed
to WLANs.
Take-off
According to IDC projections, the Asia-Pacific WLAN market for
2000 is estimated to be around US$45 million and will reach
US$350 million by year 2005 at a CAGR of 51 percent.
Wireless connectivity is moving from the back office to the
front office, from workers who must communicate while traversing
warehouses, to marketing personnel who need to take their
productivity tools down the hall or across the campus. An
Intel market research report says that laptops constitute
25 percent of corporate purchases worldwide. This is expected
to spur the use of WLANs in the enterprise.
Wireless networking is a natural extension to a company's
wired network. High-performance wireless solutions can greatly
increase an employee's productivity by providing real-time
access to e-business applications and valuable networked data.
Infrastructure maturity may be an initial reason for replacing
the traditional wired LAN with a wireless one, but increasingly,
the simplicity, flexibility and ease of deploying WLANs are
appealing to enterprises.
Soutiman Das Gupta can be reached at soutimand@networkmagazineindia.com