Wi-Fi (802.11)
Wi-Fi (short for
wireless fidelity) is a wireless
communications specification for digital devices. Wi-Fi
is often referenced by its standards numbers in the 802.11x
family:
| 802.11 protocol | Freq. (GHz) | # of channels | Max. channel throughput | Approx. range (ft) |
|---|---|---|---|---|
| 802.11a | 5.0 | 12 | 54 Mbps | 80 |
| 802.11b | 2.4 | 3 | 11 Mbps | 300 |
| 802.11g | 2.4 | 3 | 54 Mbps | 300 |
The popular 802.11b/g
devices broadcast in the crowded 2.4-GHz band also used by
most cordless phones. Faster but shorter-range 802.11a devices
use the 5-GHz band. All can send signals many hundreds of
feet in clear territory, particularly the "b" and
"g" devices. For better or worse, their range inside
buildings is usually much less, absent range-enhancing antenna
add-ons.
Wireless signals
may be received by any device within the range of the transmitter
(generally referred to as the "wireless access point"
or WAP). A new 802.11i standard will eventually provide robust
protection against interception by employing the government-approved
128-bit Advanced Encryption Standard (AES). The 11i standard
is expected to be implemented in devices beginning in 2004/5.
For now, security
is provided primarily via the Wireless Equivalent Privacy
(WEP) encryption standard that is already part of 802.11,
and available in almost all compatible devices. As with 11i,
the primary purpose of WEP is to prevent eavesdropping; but
it has the important secondary benefit of preventing unauthorized
use of one's wireless network.
(As regards securing
adequate throughput for a wireless connection, a proposed
802.11e standard aims to bring quality-of-service capabilities
for applications like voice and video.)
Many analyses have
documented the general vulnerability of wireless connections,
and the particular susceptibility of WEP to a sophisticated
attack. However, the most common reason for WEP failure is
not inherent weakness, but that it is turned off by default
in most 802.11 devices. Most users never manage to turn it
on.
Newer Wi-Fi products
include Wi-Fi Protected Access (WPA), which addresses WEP's
known vulnerabilities and also provides authentication capabilities.
And, as noted, devices in the near future will include 802.11i.
But these too must be activated to be effective, and inactive
is usually the default setting.
The Wireless
Ethernet Compatibility Alliance (WECA) security recommendations
include the following, to the extent the wireless devices
in use allow it:
- use the largest
WEP encryption key permitted, and change the key regularly;
- use session
encryption keys, if available;
- change the SSID
(wireless network name) from its manufacturer-supplied default,
and disable broadcasting of the SSID;
- restrict access
to specified MAC addresses (the unique identifiers assigned
to each 802.11 device), by enabling MAC filtering; and
- set passwords
for drives and folders on the connected devices.
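
An added example, not part of the original page: a short Python check of an access point's settings against the recommendations above (the access-point items only, not drive and folder passwords). The configuration field names, the 30-day key-age limit and the sample values are assumptions made for illustration.

```python
# Added example: audits an access-point configuration against the WECA
# recommendations listed above. The config schema (field names) is hypothetical.

STRONG = {"wpa", "802.11i"}   # protocols the page names as addressing WEP's weaknesses
MAX_KEY_AGE_DAYS = 30         # assumption: the page only says "regularly"

def audit_ap(cfg):
    """Return a list of (finding_id, advice) tuples for one access point."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append(("encryption-off", "turn on WPA, or WEP if that is all the device offers"))
    elif enc == "wep":
        if cfg.get("supports_wpa"):
            findings.append(("wep-in-use", "device supports WPA; switch to it"))
        if cfg.get("wep_key_bits", 0) < cfg.get("wep_max_key_bits", 0):
            findings.append(("wep-key-short", "use the largest key the device permits"))
    elif enc not in STRONG:
        findings.append(("encryption-unknown", f"unrecognised setting {enc!r}"))
    if enc != "none" and cfg.get("key_age_days", 0) > MAX_KEY_AGE_DAYS:
        findings.append(("key-stale", "change the key"))
    # A missing SSID or factory SSID is treated as "still on the default".
    if cfg.get("ssid") == cfg.get("factory_ssid"):
        findings.append(("ssid-default", "rename the network"))
    if cfg.get("ssid_broadcast", True):
        findings.append(("ssid-broadcast", "disable SSID broadcasting"))
    if not cfg.get("mac_filter"):
        findings.append(("mac-filter-off", "restrict access to listed MAC addresses"))
    return findings

# Constructed sample inputs: a device as shipped, and the same device hardened.
AS_SHIPPED = {"encryption": "none", "ssid": "vendor-default",
              "factory_ssid": "vendor-default", "ssid_broadcast": True, "mac_filter": []}
HARDENED = {"encryption": "wep", "supports_wpa": False, "wep_key_bits": 128,
            "wep_max_key_bits": 128, "key_age_days": 7, "ssid": "office-3f",
            "factory_ssid": "vendor-default", "ssid_broadcast": False,
            "mac_filter": ["00:00:5e:00:53:01"]}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name)
        for fid, advice in audit_ap(cfg) or [("ok", "no findings")]:
            print(f"  {fid}: {advice}")
```
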
Organizations with
highly sensitive data should consider further protections
in addition to the above: end-to-end encryption, authentication
(by password or token), firewalls, etc.
Wireless devices
carry a critical security vulnerability independent of the
possible exposure of their communications: because they are
portable, they are more easily lost (or stolen), along with all
the data that is stored within them.