Wireless Security

Network security is extremely important. Security becomes even more complicated
and critical when wireless devices are added to the network. Because data floats around
in the ether, anyone can pick it up. This chapter addresses the issues of security in a
wireless network and shows how to bolster your network’s security mechanisms.
Security Overview
Applying strong wireless security mechanisms is the key to ensure that a wireless
network is protected against unauthorized access and eavesdropping. Unfortunately,
wireless security is vulnerable if implemented improperly. The following sections
examine some of the issues surrounding wireless security and how you can avoid
trouble.
WEP Overview
The first, most basic level of securing a wireless LAN (WLAN) is to set up a wired
equivalent privacy (WEP) key. This is a means of encryption that encodes
transmissions between an access point (AP) and client. This is a basic means of
security, but it is not thorough. When wireless devices were first introduced, this was a
quick and easy way to provide security. Unfortunately, WEP is inherently flawed;
however, it might be your only option if you work with older equipment or client
software.
If enough traffic is passed back and forth between client and AP, the packets can be
intercepted and the encryption key deduced. This is not a likely issue for homes and
small offices that have light wireless activity and uninteresting data. However, in an
organization with high volumes of wireless traffic and critical data, it is easy for an
intruder to crack the code. It is perhaps worth the effort of the intruder.

NOTE: The Aironet 1100 Series, 1200 Series, 1300 Series APs, and the 1400 Series bridges
that run Cisco IOS Software are especially vulnerable because they send any WEP key in
cleartext to the simple network management protocol (SNMP) server if the snmp-server
enable traps wlan-wep command is enabled. If you use WEP, make sure this command is
disabled.