WLAN Security

Being that an Access Point (AP) is a finite resource, with only so many supportable stations, it is important to secure station access authentication.  In addition, there is a need for data encryption to prevent compromise and the risk of log-in and/or password capture.   While the use of VPN’s help ensure safe data exchange for corporate applications, they are expensive solutions, not available to everyone and not preventing network spoofing and unauthorized access to access points such as those found at Public Access Wireless LAN (PAWLAN) hot spots.

WLAN Security Methods

One method for providing WLAN security is called Universal Access Method (UAM), which involves the use of a Public Access Gateway (PAG), which intercepts a user’s HTTP traffic, redirecting that traffic to a default log-in page.  This allows the PAWLAN provider to funnel all usage requests for authentication, authorization and payment, relying on SSL for security.

802.1X

Central to the security mechanisms employed by 802.1X involve communication utilizing the Extensible Authentication Protocol (EAP) between the Supplicant (client device such as a laptop to be authenticated) and an Authentication Server. The security framework for 802.1X utilizes three different methods for EAP communication, which are EAP-TLS, Protected EAP (PEAP), and tunneled TLS.  All three methods use a TLS as a secure channel and digital certificates for authentication and encryption. 

EAP TLS entails wrapping TLS records within EAP payloads.  In contrast, PEAP first establishing a TLS session as a means of protecting a separate EAP exchange between client and sever.