You are here: Wireless Security Technology

How Can a Network That Has No Physical Barriers Be Secure?
Walk around your own neighborhood with a wireless computing device and you'll probably detect the presence of a wireless network. You're also likely to find that it is not encrypted and open to use. It's a pretty safe bet it was left open due to the real or perceived difficulty of configuring wireless encryption.

Intruders find wireless networks relatively easy to break into. Issues can arise even in a n organization that is running a wired-only network when a wireless laptop is plugged into it using an available Ethernet jack. In this scenario, an intruder could sit out in the parking lot and break in through the laptop's wireless card and gain access to the wired network.  Thus, both network administrators and users must be aware of these risks and take protective measures. 

New standards attempt to strengthen security barriers, and there are many technologies available to counteract wireless network intrusion. But no method is absolutely secure. The best strategy is combine a number of security measures:

  1. All WLAN devices need to be secured
    • Access control
    • WLAN authentication and encryption standards
  2. All users of the wireless network need to be educated in wireless network security
    • Acceptable use policy
  3. All wireless networks need to be actively monitored for weaknesses and breaches
    • Detection and containment of rogue devices
    • Intrusion prevention

Organzations are increasingly relying on computer security specialists to help protect their network infrastructure. While some of their duties may overlap with that of a network administrator's, it is a higher-level role because of their specialized training in assessing the requirements of, and security risks to, an organization's network infrastructure.  They are also are trained in designing, implementating and maintaining the network infrastructure from security breaches.

Brief Introduction to Wireless Technology and Security Methods
Wireless networking is now the preferred method for establishing new computer networks, and replacing wired networks when possible. Wireless technology connects one or more computing devices by using radio waves. Instead of cables, antennas broadcast a signal that can be picked up by any computing device equipped with a wireless card. Nearly any laptop sold in the last two years was shipped "Wi-Fi ready," and older computers can easily be retrofitted.

There are two wireless data standards are commonly used by wireless networking hardware today : 802.11b and 802.11g.

802.11b operates in the 2.4GHz radio frequency range. Its maximum bandwidth is 11 Mbps, and maximum effective range is about 105 feet. The 2.4GHz frequency range is quite narrow and offers a maximum of 11 channels, of which three are separate non-overlapping data channels. (These channels are 1, 6 and 11. To see a more in depth discussion about why only 3 channels should be used although our devices allows 11 channels see the webpage Comparing 802.11a, b, and g: Channels and Interference). Data channels are just like radio channels - you can only have so many in a frequency range; however, unlike radio channels, more than one user can use a single channel.

The 802.11g standard is an upgrade to the 802.11b. It also operates in the 2.4GHz radio frequency range. Its maximum bandwidth is 54 Mbps and the maximum range is about 175The 802.11g standard is backwards compatible with its predecessor, 802.11b.

By default, a wireless network access point is open to anyone within in range with the proper equipment. Thus if your router or access point is configured to distribute IP addresses via DHCP, it will do so to anyone equipped with a wireless enabled laptop or PDA. Older wireless routers/access points have two basic security methods: MAC address filtering and Wired Equivalent Privacy (WEP).

MAC address filtering consists of 2 modes: association and connection. Enabling association mode allows the client device to communicate only with other wireless devices on the network. It does not allow access to any device outside of the network, or the Internet. Enabling connection mode allows the client device with full communication privileges. WEP works by establishing a shared key between the clients and the wireless router/access point, then using it to encrypt and de-crypt data passing between them. WEP is enabled on the wireless router/access point and on each client accessing it. A pass phrase must be identically entered on each system. Both MAC and WEP offer only very basic security, and the risks associated with their use are discussed in the webpage Wireless Networks in Big Trouble.

Newer versions of wireless routers/access points make use of 2 additional security methods. The first is the Wireless Applicaton Protocol (WAP), of which there are several variations. A router/accesspoint may also support the Remote Authentication Dial In User Service (RADIUS), a protocol that works in conjunction with Network Operating Systems such as Windows, UNIX or Linux servers and is used for larger networks. (See for unix-like OS, for Windows) RADIUS provides centralized authentication, authorization, and accounting for network access. Originally developed for dial-up access, RADIUS is supported by virtual private network (VPN) servers, and network switches.

As we go through this module, MAC, WEP, WAP & RADIUS technologies will be presented to help you choose one of them depending on your needs and available resources.

Module Purpose
A generation ago wireless technology, in the form of cellular telephone service, was considered to be a boutique service for the technically elite.   Since then the technology has grown to include services such as wireless broadband Internet access (Wi-Fi), Wireless Personal Area Networks (Bluetooth), wireless voice over IP (VoIP), and wireless messaging (e.g. Blackberry) to name a few.  Users find the untethered experience liberating.  Many enjoy the convenience of high-speed wireless at home and want this service in school, the office and on the road.  They say it is critical to improving productivity.

The challenges of creating and maintaining a wireless home network pales in comparison with establishing the same in large office, metropolitan and campus settings. Security is the primary concern and limiting factor with implementation.  Because of their mission of teaching and learning, colleges are a primary source of training the technical workforce in computer and network security.  They play an important role in cybersecurity.  This module provides network security information for higher education broadband networks; explaining tools that should be used to prevent and/or detect threats to these networks.  These tools, and the skills needed to use them, can be used to address WLAN security issues in the educational, business, and government settings.

Teaching and Learning Methodology
The activities in this module are based on:
  • Research and discussion
  • Hands-on lab activities
  • Skills assessment
The students will:
  • Work cooperatively in teams
  • Work independently to demonstrate competence
The instructor:
  • Can use this module in an existing course
  • Assign research activities as a group exercise for lab and/or homework
  • Provide face-to-face instruction
Contact the Authors
Luis Perez
Southwest Texas Junior College
4003 Highway 277 SE
Eagle Pass, TX 78852
[email protected]
Audrone Matutis, Faculty Mentor
Houston Community College-Northwest
1550 Foxlake Dr.
Houston, TX 77084
713-718-5839 / 713-983-0488
[email protected]