Wireless LAN (WLAN) deployments are becoming increasingly popular because of their ease of deployment, cost effectiveness, scalability, and significant productivity gains. Their rise in recent years has given users greater mobility by letting them move freely instead of being tied to wired workstations. Some of the most common WLAN deployments are not secured appropriately, which attracts unauthorized use of network services. This lack of trust in the security of wireless technology has caused increasing concern among organizations deploying WLAN-based network solutions. Organizations now demand comprehensive and secure WLAN solutions. As the leader in providing wireless networking technology, Cisco now offers comprehensive solutions to secure wireless LAN networks.
WLAN is a LAN that uses radio communication to provide mobility to network users while maintaining the connectivity to the wired network.
The IEEE standardizes the security for wireless-based networks into two main components: encryption and authentication. The following section provides a basic overview of WLANs, followed by a closer look at the security features.
WLAN is a LAN that transmits over the air by using radio waves that travel between the clients and access points (AP).
A WLAN uses spread-spectrum technology that is based on radio waves to enable communication between devices in a limited area, also known as the basic service set. Spread-spectrum technology is used to increase both the data rate and the tolerance to harmful interference. Spread spectrum dictates that data transmissions are spread across numerous frequencies. This gives users the capability to avoid interference from other wireless devices.
Radio waves do not require a line of sight between sender and receiver and can send or receive signals through walls, ceilings, floors, and so on. This means that a broadcast transmission can reach unintended recipients. Therefore, strong security measures are needed to provide the same level of security as that offered by wired LAN networks.
In 1990, the IEEE standards committee established a group to develop a standard for wireless communication devices. The objective was to implement wireless LAN networks (an upper-layer feature) at the data link layer (Layer 2) and physical layer (Layer 1) of the OSI model because they use standard interfaces into the IP layer (Layer 3). This solution provided scalability, allowing existing operating systems and applications to be integrated into WLAN devices without modification in the upper layers.
The IEEE introduced the 802.11 family for wireless communication devices that offered the following over-the-air modulation techniques used for the wireless-based LAN technologies:
IEEE 802.11b (Defined in 1999)
IEEE 802.11g (Defined in 2003)
The Wi-Fi Alliance, on the other hand, is a nonprofit, vendor-neutral organization that provides the branding for 802.11-based technology known as Wi-Fi. An 802.11-based device undergoes rigorous functionality and operational testing before the Wi-Fi Alliance certifies it as a compliant device, to ensure interoperability with all other Wi-Fi certified products regardless of the vendor.
As pointed out earlier, the WLAN is a LAN that transmits data over the air, using radio frequencies to communicate between wireless enabled devices. The transmission frequency of a WLAN depends on the IEEE protocol standard used.
The wireless-based standards take advantage of the ISM band (Industrial, Scientific, and Medical) radio spectrum that is deemed usable by the public. The 802.11 standard specifically takes advantage of the following RF bands:
The 2.4-GHz band is used for 802.11 and 802.11b networks, providing data rates of 1 to 2 Mbps and 11 Mbps, respectively.
The 2.4-GHz band is also used by the 802.11g networks, providing data rates of up to 54 Mbps.
The 5.8-GHz band is used for 802.11a networks, providing data rates of 5 Mbps, 11 Mbps, and up to 54 Mbps.
The new 802.11n standard (which is currently under development) will also use the 2.4-GHz or 5.8-GHz band, providing data rates of up to 540 Mbps. The 802.11n standard is projected to be up to 50 times faster than 802.11b and approximately 10 times faster than 802.11a or 802.11g.
These bands are unlicensed frequency bands (but are regulated by authorities) and are free for use by anyone without restriction as long as they comply with the regulations.
WLAN networks comprise the following basic components:
Wireless Access Point (WAP or AP): An AP is often a hardware device (but it can also be software based) that connects wireless communication devices. WAPs are commonly used to relay data between the wireless and wired network devices and other wired network resources. An AP is a two-way transceiver that broadcasts data within a specific frequency spectrum. The AP also performs security functions such as authentication and encryption for the wireless clients and for data transmission through the wireless network.
Wireless Network Card (NIC): A device such as a workstation or laptop requires a NIC to connect to the wireless network through radio waves. The NIC scans the available frequency spectrum for connectivity and associates the spectrum to an AP.
Wireless bridge: Wireless bridges are optional components that are used to connect multiple LANs (wired and wireless) at the MAC-layer level. Wireless bridges can be used in building-to-building wireless scenarios, because they can cover longer distances than the normal AP. A normal AP without the wireless bridge has a coverage range of up to 1 mile, as specified by the IEEE 802.11 standards. With wireless bridges, this coverage can be extended.
Antenna: The function of an antenna is to radiate the modulated signal through the air so that wireless clients can send and receive transmissions. Antennas are required on both the AP and the wireless client. Access points and wireless devices such as laptops usually have built-in antennas. The range and propagation characteristics of a wireless device are determined by the antenna shape and type, which can be customized for the specific application.
Figure 12-1 shows a basic setup that includes wired and wireless LAN network connections.