Executive Briefing: Wireless Network Security

White Paper
Wireless Network Security
Layered Wireless LAN Security
Like all IT-based security, WLAN security should be handled in layers. This provides several advantages:
stronger overall security, the ability to block access at multiple layers of the network, and flexibility in
selecting the cost/benefit ratio of the desired solution.

By building security in layers, protection can be provided at each layer in the network model. Each layer
provides inherent protection against specific attacks for higher layers of security, correlating to the layers of
the ISO network model.

One of the benefits of 802.1X is the additional strength of layered security. If an intruder is able to break the
security at one level, he is presented with an entirely new level of security to break. This allows
significantly more time to detect and foil the intruder.

The layered security approach also makes it possible to select the desired level of security, weighed
against the cost of adding layers. Layer 1, physical layer security, is built into wireless
equipment and is essentially free (except for the cost of configuring and maintaining encryption keys); it
may be adequate for a home user who wants to keep out the casual intruder. 802.1X-based security provides
strong corporate security at an incremental cost. 802.1X dramatically increases the security protection of the
network and provides the level of protection needed by most business and corporate users. In specific vertical
segments such as financial and government users, where triple-DES encryption is required, VPNs over 802.1X
provide the highest level of wireless security, albeit with a cost increase on the order of $30 - $100 per user.

Each layer adds protection on top of the layers below it. The first two layers (physical layer
encryption and 802.1X user authentication) are generally recognized as the minimum requirements for
strong wireless LAN security, and are now specified in the Wi-Fi Protected Access (WPA) standard. A
third layer (VPN) can be added to increase the security level if the traffic is sent unencrypted over the
Internet or contains highly sensitive information.