Road to Encryption: Brief History of WANs and WLANs
Before we detail the IEEE 802.1AE MACSec, let's look at the brief history of other
network-access methods and their road to encryption. In the 1960s, the U.S. Department of
Defense (DoD), in pursuit of reliable communications among scientists and academic
researchers, envisioned a network that would continue to function even during a disaster.
This spawned the birth of the Advanced Research Projects Agency Network (ARPANET).
Don't worry—we aren't going to go into detail about the Advanced Research Project
Agency (ARPA) and the like. However, it is important to emphasize the initial reason for
the existence of such networks: They existed precisely to share sensitive information.
Similarly, geographically dispersed corporations found that using WANs for information
sharing furthered their businesses. In the Internet's early days (circa 1990), the only option
available was private leased lines from Internet service providers (ISP). These private
leased lines were (and are), in many cases, proprietary and expensive. Now, fast forward
several years past the LAN protocol wars (that is, DECnet, IPX/SPX, AppleTalk, and so
on).
Over time, IP gained favor and the Internet grew to become popular and more
accessible to the masses. Because of its ease of deployment and use, IP gained popularity,
rising as the de facto standard. However, IP, like so many other computer and network
information systems protocols, was virtually open to abuses, such as spoofing and data
manipulation. IPsec was developed to address both of these vulnerabilities (that is,
confidentiality and integrity), and it has gained global acceptance as a means for building
virtual private networks (VPN) through the use of encrypted tunnels over accessible public
networks, such as the Internet.
IPsec offers numerous cryptographic algorithms and key-management techniques. (For more
information on IPsec, check out the line of IPsec books from Cisco Press.)
When the 802.11 wireless Ethernet network was introduced, it, too, suffered from a lack of
robust security. Keep in mind that this chapter is about IEEE 802.1AE, so there is only a
brief discussion about the history of 802.11 wireless security.
Wireless access points (AP) broadcast 802.11 beacon frames to announce their existence.
This spawned the development of hacker tools, such as NetStumbler, which is a free 802.11
sniffer. Anyone with an 802.11 receiver and sniffer software can receive these broadcasts
and attempt to gain access.
Initially, 802.11 security was limited to MAC address filtering and wired equivalent privacy
(WEP) with an initial key strength of 48 bits. This was easily circumvented, whereby the
MAC addresses were easily acquired through wireless sniffing tools, such as NetStumbler.
The WEP keys were easily compromised by using password-cracking tools, such as
Airsnort, Aircrack, John the Ripper, and so on.
Then, 128 bit was introduced. Many vendors released it, but it was determined that WEP,
at any key strength, was insecure. WEP was followed by Wi-Fi Protected Access (WPA)
and then WPA-2 (also known as 802.11i).
WPA-2 addressed the vulnerabilities found in WPA regarding the spoofed message integrity
check (MIC) that validates 2–4 in the four-way handshake exchange. Recent claims of
WPA-2 being hacked are not entirely true. The exploit requires access to the physical
Ethernet network that the AP is connected to, and it must have the ability to sniff traffic. As
noted throughout this book, numerous countermeasures exist to help prevent such exploits
as well as enabling the available IEEE 802.1AE encryption on Layer 2 Ethernet ports.