Things I'd do if I ever have time

Wish list

Please help a man further his career by donating expensive hardware. Cash works too.

The Many Paths of Wi-Fi Security

Published: 06/25/2008

It's been over eight years since the IEEE 802.11 spec was published. Since then, there have been a number of updates (and additional acronyms to memorize) in the Wi-Fi world. This article is an attempt to encapsulate all the usual Wi-Fi security approaches at layer 2 and spell out what's good and what's not, beyond the typical, "Don't use WEP!" rhetoric.

Most people are only aware of 802.11a / b / g / n standards, but there's also 802.11d / e / f / h / i / j, and on and on. These updates to the original 802.11 spec are not just about raw speed based on changing the characteristics of the physical (PHY) layer in how the radio transmissions and receptions are handled. They also address other issues regarding the 802.11 protocol, such as security. 802.11i is the one we're talking about here.

One other thing - not every device that does Wi-Fi bridging is a "wireless router." There are access points out there that do not do routing functions. Your typical cheap "wireless router" bearing the name Linksys, Netgear, D-Link, Buffalo, etc. that most people pickup at Fry's are essentially three-in-one devices: a router, switch, and wireless access point combined into one. It's just like how a home stereo receiver is a tuner, power amplifier, and pre-amplifier rolled into a common package.

Layer 2 802.11 Fundamentals

   More Information

The Basic Wi-Fi Connection Process

   More Information

(Not really) hiding the SSID

   More Information

MAC address filtering is novelty, not security

   More Information

WEP (Wired Equivalent Privacy) is for cracking, not securing

   More Information

PSK (Pre-Shared Key) for WPA and WPA2

   More Information

WPA-Enterprise / WPA2-Enterprise (also known as 802.1X)

   More Information

Still no physical DoS protection

While the cryptographic protection available for Wi-Fi is pretty good these days, there's still no way of guarding against the obvious denial-of-service attacks. If the access point that's transmitting and receiving on 2.4 GHz happens to be near a kitchen microwave, expect loss of network connectivity when lunchtime comes around. Unlike wired networks, the performance of wireless networks tend to be heavily influenced by many physical factors such as location, placement of antennas, choice of direction or omni-directional antennas, other access points operating on or near the same channel, Kryptonite beams, Starfleet communicators, etc.. Pay a professional to do a real site-survey and don't let them get away with wireless diagrams showing you radio coverage in circles. Radio waves don't adhere to such artistic ideals.

Public hotspots

Most hotspots are either the connect-for-free-at-our-little-coffee-shop variety or a paid system such as T-Mobile enabled hotspots (which Starbucks is currently migrating away from). Free hotspots simply require a wireless card that knows how to do basic things like read, write, spell, use proper grammar, and associate via original 802.11 standards.

Pay hotspots, on the other hand, usually have a captive portal / walled-garden system where basic association is possible for everyone, but connecting to the Internet via IP results in trapped containment by the network gateway. Outbound web browser requests are given HTTP 302 redirects to a login page where credentials are entered for Internet access which, of course, requires that 16-digit credit card number of yours and accepting a EULA which states that you agree not to perform illegal acts, attack the hotspot network, or blast 80s porn music.

Security summary .. the quick version

- WEP = bad.
- MAC address filtering = bad.
- Hiding SSID = bad.
- WPA-PSK and WPA2-PSK with a strong passphrase = good.
- WPA / WPA2 Enterprise (802.1X) = good ... as long as you avoid LEAP, EAP-MD5, and you ensure all clients validate the server certificate. All client certificates should be hand-washed.

Lots of reading...

Want to know more about how Wi-Fi works? Download the IEEE specification and read through the 1000+ pages. Guaranteed to cure insomnia without a prescription.

Go back to the main articles list.