5.8 Wireless Network Authentication

Increased popularity of wireless networks have caused increased security worries for network administrators. In the early days of wireless, dangers were less prevalent. It took hackers a while to adjust to the technology, and there simply weren't that many businesses using wireless technology. That has changed radically of late; hackers have found that wireless networks are relatively easy to break into. This makes wireless security a top priority.

Wireless security requires vigilance to ensure that only authorized users are allowed access to the network. Security concerns led to specifying the 802.11 standard for encrypting WLAN data.

Wired Equivalent Privacy (WEP)

Designed to provide the same level of security as a wired LAN, Wired Equivalent Privacy (WEP) is the method of encryption specified by 802.11. Protecting a WLAN from security breaches is much more difficult, however, due to the physicality of its structure. While a LAN physically limits access to a building's computers, a WLAN presents no such barrier.

WEP sets up a barrier by encrypting data. WEP is a simple algorithm that uses a semi-random number generator (PRNG) and the RC4 stream cipher, which encrypts and decrypts quickly.

WEP keys are implemented on both client and infrastructure devices. A WEP key is an alphanumeric character string. Both the client and the access point, or both clients in an ad hoc WLAN, must have the same key. Otherwise, the client will not be allowed to use the WLAN. Two types of WEP authentication are possible:

Both use RC4 for encrypting data. RC4 is a stream cipher also used in Secure Sockets Layer (SSL) for protecting traffic over the Internet. Advantages include simplicity and speed, but it has vulnerabilities that can be exploited in WEP.


WEP is used at the lowest levels of the OSI model at the Physical and Data Link levels, so it does not offer end to end security. Two specific weaknesses are:

WPA and WPA2

The Wi-Fi Alliance plans to make WEP and TKIP obsolete in the near future.


Hotspots and RADIUS

A RADIUS server provides session controls and also provides wireless access point information in order to enforce access policies and make connections more secure.