Chapter 22. Security Architecture

From the time that wireless LANs burst onto the scene, they have been inextricably associated with security, or rather, the lack of security. One of the reasons that wireless LAN deployment is such a significant undertaking is that securing an open network medium is a major challenge. Early wireless networks were, with good reason, likened to leaving an open network jack in the parking lot for public use.

Early solutions for restricting access and protecting data were laughable, in part because the lessons of history did not immediately apply. Traditional network security has focused on securing the physical medium to reduce the risk of network attack, but wireless networks are useful precisely because the medium is not locked behind walls and doors. Short of building a massive RF shield around the building, you must assume that the physical layer is open to anybody who wants to access it.

With a network medium that provides negligible physical security, cryptography must be used to protect user sign-ons and the data that flows over established connections. Encryption can be used to establish trust between devices connected only by radio waves. Cryptography helps to establish the user's identity and to assure that access points are part of the network they claim to be. Once a user has been authenticated, cryptography assumes its better-known role of scrambling network traffic to prevent traffic interception.

Network security is intertwined with network ...

Get 802.11 Wireless Networks: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.
