
Chapter 4. Cisco Unified Wireless LAN Security Fundamentals

“New Vulnerability Allows Hackers to Penetrate Wireless Networks!” screams the headline in the newspaper or periodical. Perhaps the accompanying article describes some new theoretical vulnerability announced by a security research group that (surprise!) offers wireless LAN (WLAN) security consulting services. Or maybe it’s a WLAN vendor that, quite naturally, not only “discovered” the new vulnerability but also offers the industry’s “only” or “best” solution. Or maybe the accompanying article contains a sensationalistic description of how some “white hat” hacker demonstrated a new tool to exploit a WLAN or network attack vector at a security conference. Quite often, what’s “new” is just a variant of what’s old—a new exploit tool for a well-known vulnerability, for example. But then, every once in a while, articles of this ilk describe a significant new development that gravely impacts the industry.

Unfortunately, many journalists—even those writing for industry and technical publications—struggle to grasp even the fundamentals of WLAN technology, let alone the intricacies and complexities of WLAN security threats and their full ramifications on network design and implementation. It’s shocking how often vulnerabilities common only in consumer WLAN implementations are applied in hysterical, sweeping generalizations to all wireless networks.

This is not to say that there aren’t real security threats with WLAN networks; there definitely are some significant security challenges for WLAN network designers and operators. But the challenges are, for the most part, manageable when reality is filtered out of all the hype and the problem domain is well understood. Indeed, we often observe that the WLANs our customers deploy are more secure than their companion wired networks!

This chapter discusses the fundamentals of wireless LAN security in the context of the Cisco Unified Wireless Network (CUWN). An in-depth discussion and analysis of WLAN security could fill a book of its own. In fact, there are already a number of excellent books available on the topic of WLAN security. Some favorites are listed in the references at the end of this chapter.

This chapter begins with an introduction to the security risks of WLAN technologies and continues with an explanation of the technology building blocks that address and mitigate those risks.

When you are done reading this chapter, you should have sufficient background information on WLAN security. The security concepts discussed in this chapter are woven throughout the fabric of the CUWN. Indeed, one of the real benefits of the CUWN architecture is that it simplifies the design, deployment, and operations of security for your WLAN.