Security Design
Security is the most important concern in developing these requirements for your wireless infrastructure. As requirements change and networking improves in step with the evolution from 802.11b to 802.11a and beyond, understanding the dynamics of providing a secure access conduit is essential to providing speed tempered with access for authorized personnel only. By default, wireless systems are designed to be “open” so that any wireless station in range of the transmitter can “roam” right onto your network. From a security standpoint this is dangerous because someone could easily try to access your system from the parking lot of your building.
You can design your system with wireless routers and access points that are easily configured to accept only transmissions from wireless stations that have been preauthorized to join your network. Just as the Dynamic Host Configuration Protocol (DHCP) server in a wired network assigns a static IP address to a specific workstation, wireless LANs can be configured in much the same way. The configuration dialog in most products permits an administrator to enter into the memory of the router the MAC address (a unique identifier for each wired or wireless network interface card) of each card. This means that only those stations flagged for access can roam onto the network. Any station that has not been authorized will not be able to join the system.
This still leaves eavesdropping as a problem for most wireless infrastructures. In the 802.11b framework, the 2.4-GHz frequency spread is common enough that almost anyone can get a device to eavesdrop on the signal. However, since 802.11a operates in the unlicensed portions of the 5-GHz band, eavesdropping in that frequency range is much more difficult.
Nevertheless, the question of preventing eavesdropping in the 802.11b area is the most common problem. What users can do is create a virtual private network (VPN) to mission-critical network resources when connecting wirelessly. In combination with the default level of wireless encryption, the VPN adds another layer of encryption, making it difficult if not impossible for a hacker to eavesdrop on the signal. Even if an attacker were to decipher your wireless encryption scheme, there would still be another level of decryption necessary before any of the information in the wireless stream could be viewed.
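
The MAC preauthorization described above, as an added example that is not from the original article: a check of association requests against an administrator's allow-list, normalizing the different notations in which MAC addresses are written. The log format, the addresses and the function names are assumptions constructed for illustration.

```python
import re

# Hypothetical allow-list an administrator entered into the access point,
# written in mixed notations on purpose (constructed values).
AUTHORIZED = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001a.2b3c.4d60"]

# Constructed association log lines; the format is an assumption.
SAMPLE_LOG = """\
2003-05-01T08:01:12 assoc-req sta=00:1a:2b:3c:4d:5e ssid=corp
2003-05-01T08:03:40 assoc-req sta=00-1A-2B-3C-4D-5F ssid=corp
2003-05-01T08:07:05 assoc-req sta=02:11:22:33:44:55 ssid=corp
2003-05-01T08:09:18 assoc-req sta=001A.2B3C.4D60 ssid=corp
2003-05-01T08:10:59 assoc-req sta=00:1a:2b:3c:4d ssid=corp
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def build_allow_list(entries):
    """Normalize every entry; reject the list if any entry is malformed."""
    macs = set()
    for entry in entries:
        mac = normalize_mac(entry)
        if mac is None:
            raise ValueError(f"bad allow-list entry: {entry!r}")
        macs.add(mac)
    return macs

def check_log(log_text, allowed):
    """Return (timestamp, station, verdict) for each association request."""
    results = []
    for line in log_text.splitlines():
        m = re.match(r"(\S+) assoc-req sta=(\S+)", line)
        if not m:
            continue
        ts, raw = m.groups()
        mac = normalize_mac(raw)
        if mac is None:
            verdict = "malformed"   # truncated or non-hex address
        elif mac in allowed:
            verdict = "allow"       # preauthorized station
        else:
            verdict = "deny"        # station not flagged for access
        results.append((ts, raw, verdict))
    return results

if __name__ == "__main__":
    for row in check_log(SAMPLE_LOG, build_allow_list(AUTHORIZED)):
        print(*row)
```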