This chapter outlines why Wi-Fi networks are vulnerable to attack and what types of attackers you might encounter. By understanding the motivations and resources of attackers, you can establish your policy on defense. Some people would argue that your policy should always be "go for the maximum defensive measures and never compromise on security." But this is too simplistic. Remember, the ultimate wireless security comes by not using Wi-Fi LAN at all! In the same way, ultimate road safety comes by staying at home. However, practical managers recognize that there are real benefits to Wi-Fi LANs and an effective policy balances risk and utility.

The second half of this chapter defines two strategies for managing security risk. One is to treat all wireless connections as if they were outside the firewall?that is, completely untrusted. This is an expensive approach in terms of equipment and performance, but one that fits well into existing security architectures. The second approach is to treat the Wi-Fi LAN as a trusted component of the network. This requires confidence in the integrity of the Wi-Fi security method. The rest of this book focuses on showing how the second scenario can be used and why the security level is now sufficient to justify your trust.

    Part II: The Design of Wi-Fi Security