Executive Briefing: Wireless Network Security

White Paper
Wireless Network Security
Three Levels of Wireless Security
encryption keys. Through these enhancements, TKIP addresses all of WEP's known encryption
vulnerabilities. TKIP software upgrades are expected to be available from wireless LAN component suppliers
in 2003.
A more robust replacement for TKIP being debated in the IEEE standards committees is a new encryption
standard called 802.11i. This standard will require new hardware components and is not expected to be
implemented in production by WLAN equipment providers until the end of 2003.
The second component of WPA is 802.1X security, which addresses the key management issue with user
authentication. 802.1X is the second layer of security which, when combined with TKIP, provides a strong
level of wireless security. 802.1X provides a security mechanism through which a user must be authenticated
before he is allowed access to the network.
2 — 802.1X User Authentication
WEP and TKIP have no user authentication mechanism. Any user that has the encryption key (whether
legitimately or illegally obtained) can get free access to the network and the traffic data. To overcome this
weakness, 802.1X security is layered on top of the physical layer security.
The more recent physical layer security protocols, Wi-Fi Protected Access (WPA) and the emerging 802.11i
standard, both specify 802.1X security as a framework for strong wireless security.
Figure 2: 802.1X Authentication
Figure 2 shows how a security server verifies that the access point is part of the network and requires users to
provide unique credentials to verify their identity.
802.1X user authentication, as shown in Figure 2, requires a user to provide credentials to the security server
before getting access to the network. The credentials can be in the form of user name and password,
certificate, token, or biometric. The security server authenticates the user's credentials to verify that the user
is who he or she claims to be, and is authorized to access the network.
[Figure 2 labels: Wireless Access Point; Authorized Users (Gain Access, OK); Unauthorized Users (Blocked); 802.1X Security Server; Secured Network]
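An added example, not from the white paper: a toy Python model of the 802.1X flow in Figure 2, in which the security server checks both the access point and the user's credentials before the access point forwards any traffic. The class names, the shared-secret check for the access point and all sample values are assumptions constructed for illustration; real deployments carry credentials inside an EAP method rather than passing a password to the access point.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecurityServer:
    """Toy stand-in for the 802.1X security server in Figure 2."""
    def __init__(self):
        self.ap_secrets = {}  # access point name -> shared secret
        self.users = {}       # user name -> (salt, password hash)

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))

    def authenticate(self, ap_name, ap_tag, user, password):
        # Step 1: the request must come from an access point that is part of the network.
        secret = self.ap_secrets.get(ap_name, b"")
        expected = hmac.new(secret, user.encode(), hashlib.sha256).digest()
        if ap_name not in self.ap_secrets or not hmac.compare_digest(expected, ap_tag):
            return False
        # Step 2: the user must present valid, individual credentials.
        salt, stored = self.users.get(user, (b"", b""))
        return hmac.compare_digest(stored, _hash(password, salt))

class AccessPoint:
    def __init__(self, name, secret, server):
        self.name, self.secret, self.server = name, secret, server
        self.open_ports = set()  # stations that have passed 802.1X

    def login(self, station, user, password):
        # Simplification: the password is handed to the access point directly.
        tag = hmac.new(self.secret, user.encode(), hashlib.sha256).digest()
        ok = self.server.authenticate(self.name, tag, user, password)
        if ok:
            self.open_ports.add(station)
        return ok

    def forward(self, station, frame):
        # Knowing the link encryption key is not enough: the port must be open.
        return frame if station in self.open_ports else None

def build_demo():
    server = SecurityServer()
    server.ap_secrets["ap-lobby"] = b"constructed-ap-secret"  # constructed values
    server.add_user("alice", "constructed-passphrase")
    return (AccessPoint("ap-lobby", b"constructed-ap-secret", server),
            AccessPoint("ap-lobby", b"wrong-secret", server))  # not part of the network
```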