Wireless network technology allows a mobile user to wirelessly connect to a wired network, such as an enterprise's local area network (LAN) or wide area network (WAN), or to another wireless network. Enterprises today are rapidly deploying wireless technology, in part because of the decreasing cost of mobile devices (e.g., personal digital assistants like the Compaq iPAQ by Compaq Corporation of Houston, Tex. and laptop computers) and wireless access points, and in part because of the increasing ease of installation and deployment, among other reasons. Such wireless network technology can provide LAN and/or WAN service to enterprises' authorized users without wire installation and without tethering users to network connections. Wireless networks typically include mobile devices and wireless access points, which are portals to the wired network. Wireless access points are available with varying degrees of intelligence and functionality. Some merely act as bridges that relay wireless traffic into a wired network, while others provide additional functionality. Typically, simpler access points that provide less functionality cost less, but may not provide features necessary for operation within an enterprise.
Devices that conform to the IEEE 802.11 standard, a family of specifications for wireless networks developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE), are very popular and, particularly, the 802.11b technology has garnered wide acceptance in many businesses as standard networking technology. This technology effectively replaces an Ethernet cable from a router to a computer with a wireless link. Each 802.11b access point can support dozens of mobile devices by sharing 11 Mbps (megabits per second) of capacity. There can be up to three access points working in the same area, and each typically has an indoor range of 80 feet at 11 Mbps and 300 feet at 1 Mbps.
Despite the freedom and convenience provided by wireless networks, establishment of adequate security is a barrier to adoption. Wireless networks introduce a series of new security problems to organizations because physical connection to a network is not required for access. Wireless network signals typically have ranges beyond the physical confines of a building. Any compatible network adapter or access point within the range of an 802.11b access point can join the network. Thus, these networks can potentially make otherwise proprietary resources available to unauthorized users.
To offset the susceptibility of wireless networks to unauthorized accesses, the 802.11b standard provides a security protocol called Wired Equivalent Privacy (WEP). WEP attempts to provide a wireless network with a level of security and privacy comparable to a wired network by providing access control, link privacy and data integrity functions. When WEP is enabled on an 802.11b network, a secure key is entered into each mobile device and this key is used to encrypt and authenticate data.
Many practitioners view the security provided by WEP as inadequate, however, and for many applications users typically implement additional security measures to supplement the deficiencies of WEP. For example, several independent studies have shown that, with relatively minor effort, attackers can gain access to a WEP-secured wireless network by eavesdropping on the network. The studies have also shown that attackers can log on to WEP-enabled networks as bona fide users and send data into the networks without being detected.
To overcome WEP's flaws, industry organizations have recommended using Virtual Private Networks (VPNs) to provide security for wireless networks. Unfortunately, the currently available VPNs introduce additional implementation challenges. For example, some implementations require access points to be directly wired to a single VPN server (normally located in a central equipment room). VPNs typically provide only binary access to the organization's network, meaning a mobile device user can either have a complete access to the protected network or none at all. Further, a single 11 Mbps 802.11b access point can have an effective throughput of approximately three times more than the capacity of a T1 connection, which is the connection typically supported by some existing VPN servers. Thus, wireless network users might overload the VPN server, resulting in poor performance for both the wireless network and mobile device users.