Part Two: Wireless LAN Primer

Radio signals are much easier to tap into than Ethernet connections, so making sure your wireless transmissions remain yours requires a bit of WEP know-how.
Radio transmission signals are broadcast over an extended area, often beyond the physical premises of buildings. Like their wired counterparts, wireless NICs can operate in promiscuous mode. For this reason, WLANs should be protected from promiscuous-mode eavesdropping by Wired Equivalent Privacy (WEP) encryption.

For confidentiality, WEP encrypts data using RC4 with 40- or 128-bit shared keys. A few vendors use public key cryptography to generate session keys, which eliminates the need to program the station and AP with a shared key and makes it difficult for stations in the same BSS to eavesdrop on each other.

For authentication, the station and an AP can exchange a challenge/response encrypted message with the same shared crypto key. Again, some vendors employ additional security methods, like Remote Authentication Dial-In User Service (RADIUS) validation.

For rudimentary access control, stations can be programmed with an ESSID, otherwise known as an Extended Service Set Identity, a value stations must present in order to associate with a particular AP. Other APs can be programmed with Access Control Lists (ACLs) as an extension of MACs. Doing so blocks unauthorized stations from associating with an AP. Both of these techniques can be combined with RADIUS for even tighter security controls.

It's important to note that security features are not built into standard WLANs; only by adding optional layers of encryption and restrictive set services can radio transmissions remain where they belong. Because security requirements differ, depending on both the application being served and the environment in which it's accessed, how you secure a WLAN system varies. For example, confidentiality may not be warranted on a residential BSS, but secured communications are considered essential in wireless LAN setups for businesses.
Any ISP using 802.11 to offer public access broadband or fixed wireless Internet service must be concerned about blocking unauthorized use of the network's bandwidth, and should take all necessary precautions to keep its system secured.

Plug and play

But busy travelers don't want to install a new network card just to tap into airport Internet services. Mobile users want convenience, which demands that access to an airport wireless system be made with the same NIC that is already installed in their laptops: the same NIC that connects the user to the enterprise WLAN at the office.

The Wireless Ethernet Compatibility Alliance (WECA) is a consortium created to grow the 802.11b market by promoting interoperability among developers. Founded by 3Com, Cisco, Lucent, and Nokia, among others, the standards group currently has more than 60 members. WECA members also benefit from being able to utilize third-party interoperability testing by Agilent, which labels products meeting the group's current interoperability criteria as "Wi-Fi Compatible."