> Cover Story> Full Story
IN THE SKY
Security in WLANs
A WLAN transmits data over the air using radio waves and
it can be received by any WLAN client in the area served by
the data transmitter. Since radio waves travel through ceilings,
floors, and walls, transmitted data may reach unintended recipients
on different floors and even outside the building of the transmitter.
Installing a WLAN may seem like putting Ethernet ports everywhere,
including your parking lot. Data privacy is a genuine concern
with WLANs because there is no way to direct a WLAN transmission
to only one recipient.
The IEEE 802.11b standard defines two mechanisms for providing
access control and privacy on WLANs. They are SSIDs (Service
Set IDentifiers) and WEP (Wired Equivalent Privacy). Another
mechanism to ensure privacy through encryption is to use a
VPN (Virtual Private Network). However the use of a VPN is
independent of any native WLAN security scheme.
SSID- SSID is a naming handle that provides a rudimentary
level of access control. An SSID is a common network name
for the devices in a WLAN subsystem. It logically segments
the subsystem and the access point is usually set to broadcast
its SSID in its beacons. The use of the SSID as a handle to
permit/deny access may be unsafe because typically the SSID
is not well secured.
WEP - The IEEE 802.11b standard stipulates an optional encryption
scheme called WEP. It offers a mechanism for securing WLAN
data streams. WEP uses a symmetric scheme where the same key
and algorithm are used for both encryption and decryption
of data. WEP can carry out access control and ensure privacy.
It performs access control by preventing unauthorized users,
who lack a correct WEP key, from gaining access to the network.
It ensures privacy because it protects WLAN data streams by
encrypting them and allowing decryption only by users with
the correct WEP keys.
Support for WEP with 40-bit encryption keys is a requirement
for Wi-Fi (Wireless Fidelity) certification by WECA (Wireless
Ethernet Compatibility Alliance). Some vendors implement the
computationally intense activities of encryption and decryption
in software, while others use hardware accelerators to minimize
the performance degradation of encrypting and decrypting data
A client cannot participate in a WLAN until it is authenticated.
The IEEE 802.11b standard defines two types of authentication
methods, the open and shared key. The authentication method
must be set on each client, and the setting should match that
of the access point with which the client wants to associate.
With open authentication, which is default, the entire authentication
process is done in clear-text, and a client can associate
with an access point even without supplying the correct WEP
key. With shared key authentication, the access point sends
the client a challenge text packet that the client must encrypt
with the correct WEP key and return to the access point. If
the client has the wrong key or no key, it will fail authentication
and will not be allowed to associate with the access point.
Some WLAN vendors support authentication based on the physical
address, or MAC address of a client. An access point will
allow association by a client only if that client's MAC address
matches an address in an authentication table used by the
Now that you plan to implement a WLAN solution in your enterprise,
here are some aspects to consider before making the buying
Range and coverage: The distance over which RF and
IR waves can communicate depends on the transmission power
and receiving capabilities of the transceiver. It also depends
on the path to be taken for the data. Interactions with typical
building objects like walls, metal, and even people, can affect
how energy propagates. This limits the range and coverage
of a particular system.
Throughput: Throughput is affected by the number of
users, range, the type of WLAN system used, latency and bottlenecks
on the wired portions of the LAN. Data rates for the most
widespread commercial WLANs are in the 1.6 Mbps range. This
provides users of traditional Ethernet or Token Ring LANs
generally a minor difference in performance when using a WLAN.
You may note that state-of-the-art V.90 modems transmit and
receive at optimal data rates of 56.6 Kbps. In terms of throughput,
a WLAN operating at 1.6 Mbps is almost thirty times faster.
Integrity and reliability: While radio interference
can cause degradation in throughput, such interference is
rare in the workplace. A well-designed WLAN can provide data
integrity performance equal to or better than wired networking.
Compatibility with the existing network: Most WLANs
provide industry standard interconnection with wired networks
that use Ethernet or Token Ring. WLAN nodes are supported
by NOSs with the help of appropriate drivers just like any
other LAN node. Once installed, the network treats wireless
nodes like any other network component.
Interoperability of wireless devices: WLAN systems
from different vendors may not be interoperable. This is due
to three reasons. First, different technologies will not interoperate.
Second, systems using different frequency bands will not interoperate
even if they both employ the same technology. Third, systems
from different vendors may not interoperate even if they both
employ the same technology and the same frequency band, due
to differences in implementation by each vendor. To solve
incompatibility issues you can look for Wi-Fi certified products.
WECA is an organization behind Wi-Fi that certifies products
meeting the 802.11b specification through compatibility testing.
Interference and coexistence: Products which transmit
energy in the same frequency spectrum can potentially provide
some measure of interference. Another concern is the co-location
of multiple WLANs. While WLANs from some manufacturers may
face signal interference, others coexist without interference.
Licensing issues: WLANs are typically designed to operate
in portions of the radio spectrum where government regulatory
bodies do not require the end-user to purchase license to
use the airwaves. Look for a WLAN manufacturer who is certified
by the appropriate agency.
Security: Since your data travels in the air, security
provisions are typically built into WLANs. This makes WLANs
more secure than many wired LANs. It is extremely difficult
for unintended receivers to listen in on WLAN traffic. Complex
encryption techniques make it impossible for all but the most
sophisticated to gain unauthorized access to network traffic.
Cost: A WLAN implementation includes infrastructure
costs for the wireless access points and user costs for WLAN
adapters. The cost of installing and maintaining a WLAN is
generally lower than the cost of installing and maintaining
a traditional wired LAN. A WLAN eliminates the direct costs
of cabling and the labor associated with installing and repairing
Scalability: Wireless networks can be designed to be
extremely simple or quite complex. Wireless networks can support
large numbers of nodes and physical area by adding access
points to boost or extend coverage.
Safety: The output power of WLAN systems is much less
than that of a cellular phone. Even then WLANs must meet stringent
government and industry regulations for safety from radiation.
However, no adverse health effects have ever been attributed
As per IDC projections the Asia-Pacific WLAN market for
2000 is estimated to be around US$45 million and will reach
US$350 million by year 2005 at a CAGR of 51 percent.
Wireless connectivity is moving from the back office to the
front office, from workers who must communicate while traversing
warehouses, to marketing personnel who need to take their
productivity tools down the hall or across the campus. An
Intel market research report says that laptops constitute
25 percent of corporate purchases worldwide. This is expected
to spur the use of WLANs in the enterprise.
Wireless networking is a natural extension to a company's
wired network. High-performance wireless solutions can greatly
increase an employee's productivity by providing real-time
access to e-business applications and valuable networked data.
Infrastructure maturity may be an initial reason for replacing
the traditional wired LAN with a wireless one, but increasingly,
the simplicity, flexibility and ease of deploying WLANs is
appealing to enterprises.
Das Gupta can be reached at email@example.com