LANCOM Reference Manual LCOS 3.50 Chapter 11: Wireless LAN – WLAN
On the way from the original WEP of the 802.11 standard to 802.11i, a whole
series of concepts have arisen that have tended to increase confusion and
insecurity among the users. This document should help to explain the
concepts and the processes used, in chronological order of their development.
11.2.1 Some basic concepts
Even though one constantly hears the blanket term 'Security' when talking
about computer networks, it is still important for the coming exposition to
differentiate a little more closely between the requirements it actually entails.
The first point in security is access security:
Here, a protective mechanism is involved which allows access to the
network only to authorised users.
On the other hand, however, it must also be ensured that the client is
connected to the precise desired access point, and not with some other
access point with the same name which has been smuggled in by some
nefarious third party. Such an authentication can be provided, for
example, using certificates or passwords.
Once access is provided, one would like to ensure that data packets reach
the receiver without any falsification, that is, that no-one can change the
packets or insert other data into the communication path. The
manipulation of data packets themselves cannot be prevented, but
changed packets can indeed be identified using suitable checksum
processes, and then discarded.
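The receiver-side check described above, as an added example that is not part of the LANCOM manual: the receiver recomputes a check value over each packet and discards the packet on a mismatch. HMAC-SHA256 and CRC-32 are stand-ins chosen for illustration, not the checksum of any WLAN standard, and the key, payloads and function names are constructed; the comparison shows that a check value is only "suitable" if it cannot be recomputed without a secret both ends hold.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes
CRC_LEN = 4   # length of a CRC-32 value in bytes

def mac_protect(key: bytes, payload: bytes) -> bytes:
    """Sender: append a keyed integrity tag computed over the payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def mac_receive(key: bytes, packet: bytes):
    """Receiver: return the payload if the tag verifies, else None (discard)."""
    if len(packet) < TAG_LEN:
        return None  # too short to carry a tag at all
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest avoids leaking how many leading bytes matched
    return payload if hmac.compare_digest(tag, expected) else None

def crc_protect(payload: bytes) -> bytes:
    """Sender: append an unkeyed CRC-32, for comparison."""
    return payload + zlib.crc32(payload).to_bytes(CRC_LEN, "big")

def crc_receive(packet: bytes):
    """Receiver: return the payload if the CRC-32 matches, else None."""
    if len(packet) < CRC_LEN:
        return None
    payload, crc = packet[:-CRC_LEN], packet[-CRC_LEN:]
    return payload if zlib.crc32(payload).to_bytes(CRC_LEN, "big") == crc else None

def flip_first_byte(packet: bytes) -> bytes:
    """Simulate a change in transit that leaves the trailing check value as sent."""
    return bytes([packet[0] ^ 0x01]) + packet[1:]

# Constructed sample values, not taken from the manual.
KEY = b"constructed-sample-key"
PAYLOAD = b"constructed sample payload"
ALTERED = b"constructed altered payload"

if __name__ == "__main__":
    # Unchanged packets pass both checks.
    print(mac_receive(KEY, mac_protect(KEY, PAYLOAD)), crc_receive(crc_protect(PAYLOAD)))
    # A changed payload with the old check value is discarded by both.
    print(mac_receive(KEY, flip_first_byte(mac_protect(KEY, PAYLOAD))),
          crc_receive(flip_first_byte(crc_protect(PAYLOAD))))
    # A check value recomputed without the key: the CRC still verifies, the tag does not.
    print(crc_receive(crc_protect(ALTERED)), mac_receive(KEY, mac_protect(b"guess", ALTERED)))
```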
Quite separate from access security is confidentiality, that is, unauthorised
third parties must not be able to read the data traffic. To this end, the data are
encrypted. This sort of encryption process is exemplified by DES, AES, RC4, or
Blowfish. Along with encryption, of course, there must also be a
corresponding decryption on the receiving end, generally with the same key
(a so-called symmetric encryption process). The problem naturally then arises,
how the sender can give the key to the receiver for the first time—a simple
transmission could very easily be read by a third party, who could then easily
decrypt the data traffic.
In the simplest case, this problem is left to the user, that is, one simply
assumes that the user can make the key known at both ends of the
connection. In this case, one speaks of pre-shared keys, or 'PSK'.
More sophisticated processes come into play when the use of pre-shared keys
is impractical, for instance in an HTTP connection built over SSL—in this case,
the user can't retrieve a key from a remote web server quite so easily. In this