Why This Book Now?

Ask anyone with a computer whether they want to be protected against strangers reading their data or planting viruses. Not really worth the effort, is it? Everyone wants this type of protection. However, most Wi-Fi wireless LANs operating in 2003 have no effective security. In fact, so many Wi-Fi LANs operate without security that an entire new hobby, "war driving," has sprung up in which folks drive around detecting and connecting to unsuspecting networks for fun. There are Web sites that publish the location and details of unprotected networks that are found?there are bound to be some near you! This problem is the result of people being unaware of the danger, but you are different, right?

The fact that you are reading this preface means that you are aware of the need to take active steps to implement security. Already, you may have implemented some security approach, perhaps as recommended by the supplier of the equipment you installed. Would that this were enough. The horrible truth is that the security systems shipped with Wi-Fi systems over the period from 1999 to 2002 are completely inadequate, some would say completely broken. Any computer-literate person can now download from the Internet tools that will attack and break into the first-generation Wi-Fi systems.

This book will show you how to tip the balance back in your favor?how to establish real security within your Wi-Fi LAN. It is not just about configuring your computer correctly or choosing good passwords, although these things are important. There are many books that focus on "parameter setting." What we describe in this book is a whole new approach to wireless LAN security enabled by the recent development of new core technology for Wi-Fi. The new developments achieve what no amount of reconfiguration can do: they solve the problem at the source. In this book we show how the new approaches work and how they should be applied to maximum effect. Whether you are a system administrator or an advanced home user, this book will open your eyes to current weaknesses and practical, implementable solutions.

To Wi-Fi or Not to Wi-Fi

For many years, Wi-Fi or IEEE 802.11 wireless LANs were considered an interesting technology but not mainstream. This has changed. Now ordinary people and companies, not just technology addicts and experimenters in IT departments, see the practical benefits of this technology. There are two categories of users: business and home. Corporations set up Wi-Fi LANs to allow rapid network deployment, to reduce the cost of installing wiring, and to give workers more flexibility in where and when they work. Home users also want to avoid installing wiring and like the ability to use a laptop on the couch or in a comfy chair outside.

System administrators have a big problem when it comes to Wi-Fi LANs. On the one hand they recognize the benefits of wireless both for their own configuration management and for users. On the other hand, they must not deploy anything that will be a serious security threat. We say "serious" because there is always some security risk in any technology deployment. The only truly secure network is no network. So system administrators have to choose between banning Wi-Fi networks or figuring out how to obtain the needed level of security. Experienced system administrators recognize that any new system component brings both benefits and risks. The problem with Wi-Fi up to now has been how to evaluate the risk.

The Cavalry Is Here

In 2001 those few who deployed security often relied on the original Wi-Fi security method, called WEP. Regrettably, and quite suddenly, it was discovered that WEP had major security flaws and, while arguably better than nothing, customers were left without effective protection. The result, in 2002, was an unparalleled effort on the part of the industry to devise a replacement for WEP, something that would be impregnable, but which could be used to upgrade the existing installed systems. In 2003 we see the results of this effort being deployed.

The new solutions for Wi-Fi security are being delivered in two installments. The first installment is called Wi-Fi Protected Access (WPA), announced by the Wi-Fi Alliance at the end of 2002. WPA has been specifically designed to allow software upgrade of most existing Wi-Fi systems. It repairs all the security weaknesses found in older Wi-Fi systems and has been developed to provide system administrators with a solution to the security dilemma.

In time WPA will be incorporated into a new version of the IEEE 802.11 standard (IEEE 802.11i) that is incomplete at the time of writing. This will provide a flexible and extremely secure solution for all future products. WPA offers levels of security much higher than previously available. The failure of WEP was a sharp wake-up call for the industry and the prevailing mood during 2002 was "we will never let this happen again." As a result, the best experts have participated in creating the new solution and the results have been reviewed worldwide prior to completion.

Naturally, change brings questions:

"Should I implement WPA now rather than wait for IEEE 802.11i?"

"What do I do with my existing WEP equipment/Can I upgrade it?"

"Is it now safe to put Wi-Fi inside the firewall?"

These are the types of questions that this book answers. We could answer them right here: "yes," "yes," "yes," but our goal in writing is to ensure that you understand enough about the mechanics to answer these questions for yourself.

In this book we look at security issues, protocols, and applications. An overview covers all the important protocols from IEEE 802.11 and IEEE 802.1X through to authentication protocols such as RADIUS and EAP. We cover the security protocols of WPA and IEEE 802.11i in detail. We also look at the real-world tools that have been used to attack Wi-Fi systems and you will learn why these will no longer be a threat.



    Part II: The Design of Wi-Fi Security