Security Improvement in IEEE 802 11 Wireless LAN in MAC Network Layer

Abstract

Wireless Local Area Networks (WLANs) have become very popular due to their high data rates, cost effectiveness, flexibility and ease of use. On the other hand, they are facing major security threats due to the broadcast nature of the wireless media. WLANs with infrastructure mode are deployed as an extension to wired LANs, so it is necessary to be secured to avoid being a back door to the wired network. Wireless LAN security is an important and compound issue. Although WLANs are providing flexibility and low cost, it is exposed to the danger of hacking if the security doesn t be achieved. newlineThe proposed solution works in two levels, namely, the frame security and the Radio Frequency (RF) security. It differs from the other solutions because it works in the two WLAN security levels. WPA/WPA2 encryption, AES, and strong 802.1x authentication are integrated into the solution to provide a high level of security. This research has been done with real hardware in a lab environment. Finally, the strength of the proposed solution is examined with different penetration tests. newlineThe WEP protocol does not achieve the standard security requirements. This paper proposes a security solution that works into two levels, namely the frame level and the RF level. The proposed solution incorporates AES encryption, in conjunction with 802.1x authentication Free RADIUS server, provides a required frame security level for WLANs. It achieves the standard security requirements because AES offers the standard confidentiality and integrity and free RADIUS server offers the required authentication, access control, and non-repudiation. To achieve the full availability, the RF security level must be achieved. Detecting and preventing attackers are the best solution to achieve the RF security level. WIDS software detects the rogue access points and illegal hotspots. There are many kinds of WIDS software as kismet, airdrop and snort IDS. Also, WDS protects the network from hacking, whether intended or not intended as viruses and Trojans.