802.1x and WLAN Security
WLAN security is important because wireless systems are designed to allow
easy access and may extend beyond the physical perimeter of your building.
Many WLAN implementations do not have encryption or authentication.
Small wonder then that “war driving,” or the act of randomly wondering in
search of an open AP, is so easy to perform.
The number-one problem is that most APs are insecure by default and few
have any security added to them. When present, security for WLANs is
accomplished through authenticating users and encrypting traffic. Old forms
of authentication and encryption have been found vulnerable, so APs must be
kept current. Types of wireless security include:
■ Service Set Identifier (SSID)
■ Authentication by MAC
■ Static Wired Equivalent Privacy (WEP) keys
■ One-way authentication
Network administrators must not only ensure their APs are secure, they must
always look for rogue APs (access points put up by users to accomplish a
narrow goal without regard to corporate security).
Note
LWAPs and their controllers help with AP security and rogue AP detection. LWAPs, because
they are controlled from a central point, are more scalable because administration is much
easier. Cisco LWAP/Controller model also has rogue detection baked in.