The WLAN industry, knowing the huge benefits this technology provides, has been fighting back. In June 2001, the IEEE standards body responsible for defining WEP released its specification for the 802.1x standard, which defines how various wireless technologies can increase the number of secure key exchanges between devices and servers. The absence of key mangagement was of the principal flaws of WEP. Frequent re-keying makes it more difficult to have unauthorized access to wireless networks.
That new spec is already making in-roads. Microsoft Corp. built 802.1x into its Windows XP operating system, and many major wireless vendors such as Bluesocket, Cisco and Funk are touting 802.1x support.
With security defined as one of the main roadblocks to WLAN growth, the question is: Does the new 802.1x do enough to enhance the security of wireless LANs and of other mobile products?
Network security, whether wired or wireless, involves five major activities. Particular security standards or technologies can involve one, two or all five, but any user session must pass through at least these five steps in a secure environment. The steps are:
1) Authentication, which can be handled through identification numbers, user names and passwords, or digital certificates.
2) Authorization, which provides permissions that allow access to vary by user, including the types of systems each user can access, as well as setting priorities.
3) Privacy, which focuses on data confidentiality, usually ensured by the use of encryption.
4) Administration, the ability to manage distributed systems from a central point either for regular maintenance or to respond to an emergency or attack.
5) Accessibility, which focuses on defining Class of Service by user, and in the case of wireless, providing secure mobility.
Although a security system typically involves those five major components, 802.1x is a standard that addresses only authentication and key management for networks. Thus it is a standard focused on roughly two parts of a multi-dimensional challenge to implementing and maintaining a secured, functional network. Extensions to the 802.1x framework (EAP) are progressing to provide authorization.
A Perfect Solution?
802.1x is a large step forward for authentication, access and addressing some of the known issues involving wireless LAN security. A comparison of 802.1x and standard 802.11 security is shown in Table 1. As you can see, there are many advantages to 802.1x. However, as with any fledgling technology or standard, the IT professional should also be concerned with potential problems or limitations.
802.1x is a Framework
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.