Before we get into the gory details of Wi-Fi LAN security, let us make one thing clear: Wired Equivalent Privacy (WEP), the security protocol used by most 802.11 networks at the time of this writing, is fundamentally flawed. Though we talk about WEP in much more detail later in this chapter, here is a quick rundown of WEP's flaws:
All users in a wireless network share the same secret key, and a secret key is no longer a secret if more than one person knows it.
The implementation of WEP makes it very susceptible to attacks by hackers. It is not a matter of whether it can be cracked, but a matter of how soon. The flaws in WEP have been proven both in theory and practice.
Although WEP has its flaws, it's worth using to discourage unauthorized users from connecting to your access point. If you need stronger security, you'll have to rely on other techniques to provide it. In the first part of this chapter, we assume that you are connected to a wireless network (with or without WEP), and that you want to securely access the network (even for simple tasks such as surfing the Web or reading your email). There are three ways for you to improve the security of your wireless communications.
A VPN allows you to remotely access a private network as though you were connected to it physically. Moreover, the entire communication channel is protected by encryption. So if you are connected to a VPN server wirelessly, the packets transmitted between your computer and the VPN server (including the access point) are encrypted by the VPN connection, which is much more secure than using WEP. An added bonus is that most VPN solutions have stronger authentication than that available in WEP.
SSH lets you initiate a shell session (similar to Telnet) or exchange files with a remote server, with all information exchanges encrypted. When not using a VPN, SSH is an excellent option for securely connecting to another computer.
If you connect to public networks where your fellow users are unknown and untrusted, a good firewall can provide some degree of security. Mac OS X includes basic firewall capabilities; there are third-party firewall applications available that have more features.
After this, we'll cover the details of Wi-Fi security and the various technologies that are in use (or have been proposed) for securing wireless networks.