Chapter 14. Authentication and Encryption

WEP provides a basic layer of encryption for traffic in 802.11 networks. But, even beyond the previously discussed problems of WEP, it does not provide authentication or integrity checks of the data on the network. There are several other tools that can be used to bolster the security of the network by providing these services. Using them individually, or in conjunction, can add important safeguards.

This chapter will discuss portals, IPsec, and 802.1x. Each of these performs a different function. Portals are designed to require a high-level authentication, such as a username and password, before allowing traffic out of the local network. IPsec can be used to encrypt and authenticate traffic on a per-packet basis. Finally, 802.1x is used to authenticate connected hardware at layer 2, limiting what devices can utilize a network. 802.1x is also being used to distribute WEP keys for some vendors’ hardware.

Portals

A captive portal is a router or gateway host that will not allow traffic to pass until authentication conditions are met. They see wide use commercially in pay-for-use public access networks, such as those found in hotels and airports. Their operation of a captive portal breaks down to a few simple steps:

  1. Assign a new computer on the network an IP address through DHCP.

  2. Block all traffic, except to the captive portal server.

  3. Redirect any web traffic the new user attempts to the captive portal.

  4. Display terms of use, billing information, ...

Get 802.11 Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.