For these reasons, experts expect the WLAN market to grow steadily, even in the face of an economic downturn. Cahners projects that WLAN revenues will grow to $4.6 billion by 2005. WLANs have already made significant penetration into the education, hospitality, healthcare and financial industries, and continually decreasing equipment prices should help drive adoption in other industries. Even owners of public meeting places - now known in the industry as hotspots - are trying to get into the act. Coffee shops, airline lounges, and libraries are just a few of the venues offering WLAN access to their patrons, enabling their customers to make better use of what used to be mandatory unconnected time.
WLAN Architecture and Security Challenges
As with any technology shift, migrating users to WLANs has its drawbacks.
The initial investment in hardware may be significant and somewhat irksome. Organisations will have to deploy multiple wireless access points, and outfit every user with wireless network cards, when most will already have perfectly good NIC cards for the wired LAN.
But the chief concern in migrating to WLAN access is security. Physical wires turn out to be one of the primary obstacles to attackers looking to hack their way onto a LAN. It's unlikely that a stranger plugging into a corporate network would go unchallenged, either by the network security that's already in place, or by surrounding workers.
On a WLAN, of course, this obstacle disappears. Instead, user credentials and data are broadcast from both the client and the wireless access point (AP) in a radius, which may reach 300 feet or more.
Of course, the fact that data is being broadcast via radio waves rather than transmitted over a wire introduces security challenges, namely:
- How can you prevent user credentials from being hijacked during authentication negotiation?
- Once authentication is complete, how can you protect the privacy of the data being transmitted between client and access point?
- How can you make sure the authorised user connects to the right network?
The first WLAN implementations - designed primarily for home use - did little to address these security issues. 802.11b, published in 1999, was the first IEEE draft outlining specifications and protocols for WLAN connections with LAN-equivalent speed and security. More popularly known as Wi-Fi (wireless fidelity), 802.11b provides for wireless transmission rates of 11Mbps.
In 802.11b WLAN solutions, user authentication happened in the clear, via the WLAN device's unique Media Access Control (MAC) address. Each AP contained a database of each authorised client's MAC address; if the client's MAC address was present in the AP's database, the user was granted access to the network. Of course, this left a user's MAC address exposed: anyone sniffing the network could see a valid MAC address being broadcast (and re-set his own device to that address). Also, if the user's client device were stolen, the thief would have all the credentials he or she needed to easily access the network (without having to know or guess a username and password).
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.