802.11b Security Measures

Built in security

• ESSID

  1. Extended Service Set Identifier
     A network number for the wireless network. Devices may be set to <ANY> or to a specific ESSID.  When set, the will only communicate with other devices using the same ESSID.
     
  2. 32-character maximum string and is case-sensitive
  3. Easily discovered using snooping software
     
     

• WEP

  1. Wired Equivalency Protocol
     Equivalency because it's goal is to provide the same level of security as found in a wired ethernet network.
  2. 802.11b standard calls for a specific implementation of an RSA encryption protocol (RC4) with a 40-bit shared key.
  3. All users have the same key, so any use may see all traffic on the network - just like ethernet.
  4. Users may give key to unauthorized users thereby negating security.
  5. WEP has already been comprimised and several exploits have been found.

Extra Measures

• MAC Address blocking/filtering

  Some access points can be configured to only communicate with client cards whos hardware address is contained in an authorization table.  This should provide an effective way to limit access, but would not stop unauthorized clients from listening in.  Would be useless if client cards allow MAC address to set by user.

• 3rd Party encryption

  1. 128-bit encryption
     could be better that default 40-bit WEP, but is non-standard. There is no guarantee that it will work across manufacturers.
  2. End to End encryption
  • SSH
  • PPTP
  • IPsec