SSIDs, WEP, and MAC Address Authentication
What the original designers of 802.11 did to create basic security was include the use of SSIDs,
open or shared-key authentication, static Wired Equivalency Protocol (WEP), and optional
Media Access Control (MAC) authentication. It sounds like a lot, but none of these really
offers any type of serious security solution—all they may be close to adequate for is use on a
common home network. But I’ll cover them anyway….
SSID is a common network name for the devices in a WLAN system that create the wireless
LAN. An SSID prevents access by any client device that doesn’t have the SSID. The thing is,
by default, an access point broadcasts its SSID in its beacon many times a second. And even
if SSID broadcasting is turned off, a bad guy can discover the SSID by monitoring the network
and just waiting for a client response to the access point. Why? Well, believe it or not, that
information, as laid out in the original 802.11 specifications, must be sent in the clear—how
secure!
If the SSID broadcast from an AP (also called guest mode) is disabled, clients
can still connect to the AP by setting the SSID value on the client software to
the SSID configured on the AP.
The IEEE 802.11 committee defined two types of authentication: open and shared-key
authentication. Open authentication involves little more than supplying the correct SSID, but
it’s the most common method in use today. With shared-key authentication, the access point
sends the client device a challenge-text packet that the client must then encrypt with the correct
WEP key and return to the access point. Without the correct key, authentication will fail, and
the client won’t be allowed to associate with the access point. But shared-key authentication
is still not considered secure because all an intruder has to do to get around this is detect both
the clear-text challenge and the same challenge encrypted with a WEP key and then decipher the
WEP key. Surprise—shared key isn’t used in today’s WLANs because of the clear-text challenge.
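
The shared-key exchange described above, as an added example that is not from the original text: a simplified in-memory model showing that the clear-text challenge plus the encrypted response hand any listener the RC4 keystream for that IV. Assumptions: only the challenge text is encrypted (a real frame carries more fields), and the function names and the sample key are constructed for illustration.

```python
import os
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_seal(key: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP encapsulation: RC4 keyed with IV||key over data plus CRC-32 ICV."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return xor(body, rc4(iv + key, len(body)))

def wep_open(key: bytes, iv: bytes, sealed: bytes):
    """Return the data if the ICV checks out under this key, else None."""
    body = xor(sealed, rc4(iv + key, len(sealed)))
    data, icv = body[:-4], body[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key: bytes, client_key: bytes):
    """Run the exchange; return (AP's verdict, everything sent over the air)."""
    challenge = os.urandom(128)               # AP -> client, in the clear
    iv = os.urandom(3)                        # chosen by client, sent in the clear
    response = wep_seal(client_key, iv, challenge)    # client -> AP
    ok = wep_open(ap_key, iv, response) == challenge  # AP checks the response
    return ok, {"challenge": challenge, "iv": iv, "response": response}

def listener_view(on_air: dict) -> bytes:
    """Clear-text challenge XOR encrypted challenge = keystream for that IV."""
    return xor(on_air["challenge"], on_air["response"])

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")         # constructed 40-bit static WEP key
    ok, on_air = shared_key_auth(key, key)
    print("authenticated:", ok)
    print("keystream exposed:", listener_view(on_air) == rc4(on_air["iv"] + key, 128))
```

The listener never touches the key, yet ends up holding output that only the key should be able to produce, which is why open authentication is the setting left enabled in practice.
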
With open authentication, even if a client can complete authentication and associate with
an access point, using WEP prevents the client from sending and receiving data from the access
point unless the client has the correct WEP key. A WEP key is composed of either 40 or 128 bits
and, in its basic form, is usually statically defined by the network administrator on the access
point and all clients that communicate with that access point. When static WEP keys are used,
a network administrator must perform the time-consuming task of entering the same keys on
every device in the WLAN. Obviously, we now have fixes for this because this would be
administratively impossible in today’s huge corporate wireless networks!
Last, client MAC addresses can be statically typed into each access point, and any client
that shows up without its MAC address in the filter table would be denied access. That sounds
good, but of course all MAC layer information must be sent in the clear—anyone equipped
with a free wireless sniffer can just read the client packets sent to the access point and spoof
their MAC address.
WEP can actually work if administered correctly. But basic static WEP keys are no longer
a viable option in today’s corporate networks without some of the proprietary fixes that run
on top of WEP. So, I’ll talk about some of these now.
You can set some basic security for an AP by changing the default value on
an AP (Cisco’s default is tsunami) as well as configuring a new administrator
password on the AP.