A number of new security solutions and protocols, such as Virtual Private Networking (VPN) and Extensible Authentication Protocol (EAP) are emerging. With EAP, the access point does not provide authentication to the client, but passes the duties to a more sophisticated device, possibly a dedicated server, designed for that purpose. Using an integrated server VPN technology creates a tunnel on top of an existing protocol such as IP. This is a Layer 3 connection as opposed to the Layer 2 connection between the AP and the sending node.

• EAP-MD5 Challenge – Extensible Authentication Protocol is the earliest authentication type, which is very similar to CHAP password protection on a wired network.
• LEAP (Cisco) – Lightweight Extensible Authentication Protocol is the type primarily used on Cisco WLAN access points. LEAP provides security during credential exchange, encrypts using dynamic WEP keys, and supports mutual authentication.
• User authentication – Allows only authorized users to connect, send and receive data over the wireless network.
• Encryption – Provides encryption services further protecting the data from intruders.
• Data authentication – Ensures the integrity of the data, authenticating source and destination devices.

VPN technology effectively closes the wireless network since an unrestricted WLAN will automatically forward traffic between nodes that appear to be on the same wireless network. WLANs often extend outside the perimeter of the home or office in which they are installed and without security intruders may infiltrate the network with little effort. Conversely it takes minimal effort on the part of the network administrator to provide low-level security to the WLAN.

Web Links The Guts of WLAN Security Policy http://www.80211-planet.com/tutorials/ article.php/ 149915