provided by: 
Originally published at Internet.comSecurity is an important concern on any network, but it's especially so for a wireless one where information travels back and forth through the air and is open to eavesdrop and intercept by anyone within range. As a result issues surrounding security come up in almost any discussion of implementing a WLAN.
New security techniques and standards are constantly under development, and a comprehensive discussion of security is beyond the scope of this tutorial, but we'll outline some of the security features you can take advantage of to help safeguard your data and protect against unauthorized access to your network.
The method by which WLANs protect wireless data streams today is called Wireless Equivalent Privacy, or WEP. Despite the implication of its name, WEP doesn't really provide privacy equivalent to that of a wired network. As mentioned earlier, a wireless network is inherently less secure than a wired one because it eliminates many of the physical barriers to network access.
The way WEP attempts to overcome this is by encrypting the data transferred between two wireless devices. This could be for example a computer and an access point, two access points, or two computers. A data stream encrypted with WEP can still be intercepted or eavesdropped upon, but the encryption makes the data unintelligible to the interloper, at least in theory. The principle behind WEP is similar to that used by SSL (Secure Sockets Layer) which encrypts data sent between a computer and a Web server, say, when you order something from an online store.
There are different levels of WEP available, depending on the type of hardware you are using. The strength of WEP is measured by the length of the key used to encrypt the data. The longer the key, the harder it is to crack (in terms of the time and computing power required).
The earliest 802.11b implementations provided 40-bit WEP, which was generally regarded as too weak to afford any real protection. Later 802.11b products (like the ones on the market today) strengthened WEP to use 64-bit (which is actually the same as 40-bit) or 128-bit keys.
802.11a products offer those same WEP levels but add a yet higher level--152-bit, while the some of the latest 802.11b+ products often feature 256-bit WEP.
To maximize your security, you should always utilize the highest level of WEP that your hardware supports. Sometimes, if you use hardware from several different vendors, you may find that they support varying levels of WEP. In these cases, you should use the highest level common to both devices. Although generally WLAN products from different vendors communicate with each other just fine, enabling WEP is often a way to expose interoperability problems. If security is your paramount concern, consider getting all of your hardware from a single vendor.
Although the calculations required to encrypt data with WEP can impact the performance of your wireless network, it's generally seen only when running benchmarks, and not large enough to be noticeable in the course of normal network usage. The performance penalty on enabling WEP will generally be a little higher when using a router that incorporates a built-in WLAN access point, because of the added load of WEP encryption on a CPU that is already handing routing and switching functions for Internet sharing. When using a stand-alone access point, the performance penalty is usually imperceptible.
Enabling WEP on your WLAN equipment is not very difficult. Any WEP-enabled router, access point, or NIC will have a WEP configuration section that lets you specify the type of key you want to use as well as the key itself. Most devices let you specify your key using either ASCII (alphanumeric characters) or hex numerals (0-9 annd A-F). If you'd rather let the computer do the work for you, you can usually input a plain-text passphrase (like "monkeyboy") which the device will use to automatically generate the WEP key.
Whichever level of WEP you decide to use, it's crucial to use identical settings--the key length, and the key itself, obviously-- on all devices. Only devices with common WEP settings will be able to communicate. Similarly, if one device has WEP enabled and another doesn't, they won't be able to talk to each other.
Filtering
When considering security on a WLAN, WEP is not the whole story. WEP may obscure the true nature of your data to eavesdroppers, but it doesn't prevent unauthorized computers from getting on your network via your access point. (In fact, WEP encrypts only the data portion of a TCP/IP packet, not the headers, which means that source and destination address of every packet is clearly identifiable.) The job of a WLAN access point is to always broadcast its presence. By default, it grants access to any computer that requests it.
The feature that deals with the issue of unauthorized access is MAC filtering. Every piece of network hardware ever made has a MAC (Media Access Control) address . MAC addresses have the benefit of being both unique (no two network devices have the same MAC address) and permanent (they're "burned" into the hardware, and cannot be changed). A MAC address is an attribute of the NIC, not the computer it's in. Therefore, an access point will grant access to any computer that is using a NIC whose MAC address is on its "allow" list. The only time a MAC address can be absolutely tied to a computer is when, say, a notebook has a built-in WLAN adapter, as some do nowadays.
Wi-Fi routers and access points that support MAC filtering let you specify a list of MAC addresses that may connect to the access point, and thus dictate what devices are authorized to access the wireless network. When a device is using MAC filtering, any address not explicitly defined will be denied access.
You can almost always find a device's MAC address on a label physically affixed to it. If not, go to the computer you need a MAC address from, get a DOS command prompt up by going to the Start Button, selecting Run, then typing "command'. At the prompt type "ipconfig /all" (without the quotes).
In Windows 95/98/ME, you can type "winipcfg" in the Run dialog box to get a list the MAC address of each network card in the system.
Some products take MAC filtering a step further and let you grant or deny access to either the LAN or the WAN (or both). This added flexibility comes in handy if you're trying to control internal computers-- for example, to allow a particular computer access to your internal network but not to the Internet, such as your kid's computer.
Unfortunately, not all WLAN routers and access points provide MAC filtering capabilities, so be sure to check before buying. Some devices let you filter access by IP address, but because IP addresses are not always unique, can be changed, and are easily spoofed, they're not a good basis to control network access.
Security -- Why Bother?
Like the WLAN standards themselves, the security features within them are new and far from foolproof. That doesn't mean, however, that they're worthless and should not be implemented.
Think of it in the following terms-- do you typically leave your car unlocked with the keys in the ignition? Probably not; more likely, you take the keys, lock the doors, and maybe even use a supplemental security feature like an alarm or steering wheel lock. This doesn't guarantee that your car won't be stolen, but it does greatly
Author: Joseph Moran
Read article at Internet.com site