Summary
A reasonable 802.11 defense level is possible, but it won't be achieved with a few mouse clicks. Wireless security is a complex process that starts with developing a sound security policy and most likely never ends. Do not underestimate the importance of Layer 1 security. Position your access points behind a hardened gateway, and get the best you can out of the simple defensive methodologies such as MAC address and protocol filtering. Remember that you don't have to buy expensive, high-end wireless gateways to stay secure; a Linux or BSD box and a bit of tweaking is all you need to deploy a reasonably secure and cheap gateway or AP for your WLAN. Finally, the 802.11i standard is getting close to its release date and will alleviate many wireless security-related headaches. We do not expect that 802.11i and the second version of WPA will be perfect and spread overnight; the improved data confidentiality and integrity brought by the new standard will also force the attackers to search for pre-802.11i networks. This, in turn, would be a good stimulus to upgrade to 802.11i-compatible hardware, firmware, and software. In the next chapter, we introduce the subject of applied cryptography, which is essential for understanding how AES, MIC, CCM, TKIP per-packet key mixing, and RC4 used by the 802.11i standard work and why they were selected. We hope that many terminology-related questions you might have had while reading the previous chapters are answered in the next one. Besides, you will learn about the ciphers and principles you need to know to deploy wireless VPNs and strong authentication means efficiently and with minimal impact on your network performance.
|