Conventional local area networks (LANs) use wires or optical fibers as the common carrier medium. However, due to improved data rates and decreasing equipment prices, businesses are rapidly adopting wireless LANs as a cost effective networking solution. Using wireless LAN technology, businesses can easily solve end user, or client, requests and provide immediate connectivity without having to install wiring as employees move within buildings or from building to building. Thus, employees may be connected to the network whether they are at or away from their desks. In addition, additions and changes to a wireless LAN are relatively easy to implement.
However, although wireless LANs may be easier to deploy and less expensive than traditional wired networks, they are inherently less secure than wired networks since wired networks may be at least partially located inside a building that can be protected from unauthorized access. Wireless LANs, which involve communication over radio waves, do not have the same physical protection and therefore are more vulnerable to attacks. In essence, everything that is transmitted or received over a wireless network can be intercepted. A major security issue with wireless LANs is that data being communicated may radiate beyond the area physically controlled by the business. For example, 802.11b radio waves at 2.4 GHz easily penetrate building walls and may be received up to several blocks away. An attacker located some distance from the building may passively capture, or sniff, traffic being communicated over the wireless LAN. In particular, an attacker may capture user name and password information regarding an authorized user. The attacker can then use this captured information to masquerade as the authorized user in order to gain access to the wireless LAN. In addition, if the attacker can sniff the wireless traffic, he may also be able to inject false traffic into the network. Thus, the attacker may be able to issue commands on behalf of the authorized user by injecting traffic into the network and hijacking the authorized user's session. Using this technique, the attacker may trick the network into passing sensitive data from the backbone of the network to the attacker's wireless station. The attacker may thus gain access to sensitive data that normally would not be sent over the wireless LAN.
Another security risk of using wireless LANs involves unauthorized devices being placed on the wireless LAN. For example, an internal employee wanting to add his own wireless capabilities to a wired network may plug his own base station or access point into the wired network. This may create a security risk if the added access point has not been properly configured, as attackers may gain access to the network through the unauthorized access point. Alternatively, an attacker may physically place a base station or access point on the network providing the attacker remote access to the network using wireless communications.