• SELECT SITE CURRENCY
Select a currency for use throughout the site
An Overview of Current Wireless Security Strategies
The Tolly Group, January 2001, Pages: 49
Network managers who need to integrate Direct Sequence Spread Spectrum (Dsss) 802.11b wireless LANs successfully into their networks need to understand both the currently available wireless security mechanisms as well as their inherent limitations.
In this Issue, Tolly Research engineers evaluated common wireless networks (Wlan) security features in order to determine operational limitations and overall effectiveness. As is often the case, enhanced security measures must also be evaluated in terms of usability and potential end-user impact, especially given the previous history of wireless performance (i.e. bandwidth limitations). With this in mind, researchers quantified Wlan performance across a variety of traffic types and security strategies to generate a general security impact profile.
At the conclusion of this Issue, IT Managers and network engineers will gain functional insight into currently available Wlan security measures and their associated performance characteristics. Particular focus was placed on Lucent/ORiNoco products, as these constitute a significant proportion of the currently deployed Wlan infrastructures.
Tolly Research engineers evaluated the security features most prevalent in current 802.11b wireless access points, including Extended Service Set IDs (Essids), media access control (MAC) access control lists (ACLs), and Wired Equivalent Privacy (WEP). Additional vendor-specific extensions to the Ieee 802.11b specification were evaluated, such as Lucent's "Closed Network" access control mechanism. The vulnerabilities of each of these mechanisms were clearly highlighted through discussion and practical exploitation examples. Researchers used data captured through packet sniffers and representative screen captures to illustrate the relevant points.
The performance impact of these security features also was examined, with emphasis being placed on client %CPU utilization and attainable aggregate throughput (Mbps). The use of wireless access points and cards from multiple vendors (Cisco, Apple, Lucent) facilitated performance comparisons by providing a diverse operational frame of reference.
This issue focused on the effectiveness of generic wireless security strategies, including Essid (Electronic Security System ID), Mac ACL (Access Control List) and WEP (Wired Equivalent Privacy), the impact that each has on wireless client performance in a Lucent BSS (Basic Service Set) configuration utilizing a TCP sockets-based packet generation tool (anp.exe) including CPU utilization and throughput and impact that WEP alone has on the above client performance using the following traffic profiles: simulated light transactions (Http-based) simulated bulk file transfer operations (Ftp-based) and actual file transfer operations (FTP) with an IIS 5.0 FTP Server. This issue also includes the impact that WEP alone has on client performance in other wireless networks, including Apple Airport 1.2 (measured using Helios LAN Test 2.5.2 - 3000KB R/W tests) and Cisco Aironet 4800 Series (measured using anp.exe).
Primary net production was completed using a Wireless protocol analyzer - WildPackets Corporation, AiroPeek v1.0 802.11b Wireless LAN adapters - Lucent, Orinoco WaveLan Turbo 11Mb Silver Cisco, Aironet 340 Series Wlan Cisco, Aironet PC4800B 11Mb Wlan and an Apple, AirPort 11Mb 802.11b Wlan. The 802.11b Wireless LAN Access Points consisted of a Lucent, Orinoco AP-1000/AP-500 Cisco, Aironet 4820B and an Apple, Airport Base Station.