11i security standard for
WLANs using 802.1x authentication and improvements to WEP encryption. The newer
key-hashing TKIP versus Cisco Key Integrity Protocol and message integrity check (MIC
versus Cisco MIC) had similar features but were not compatible.
Today, 802.11i has been rati?¬?ed, and Advanced Encryption Standard (AES) has replaced
WEP as the latest and most secure method of encrypting data. Wireless Intrusion Detection
Systems are available to identify and protect the WLAN from attacks. The Wi-Fi Alliance
certi?¬?es 802.11i devices under WPA2.
Wireless Client Association
In the client association process, access points send out beacons announcing one or more
SSIDs, data rates, and other information. The client sends out a probe and scans all the
channels and listens for beacons and responses to the probes from the access points. The
client associates to the access point that has the strongest signal. If the signal becomes low,
the client repeats the scan to associate with another access point (this process is called
roaming). During association, the SSID, MAC address, and security settings are sent from
the client to the access point and checked by the access point. Figure 3-6 illustrates the
client association process.
Pages:
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319