beautypg.com

Association, Other related frames, Wlan data security – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 259

background image

31-5

Figure 31-6 Shared key authentication process

Association

A client that wants to access a wireless network via an AP must be associated with that AP. Once the

client chooses a compatible network with a specified SSID and authenticates to an AP, it sends an

association request frame to the AP. The AP detects the capability information carried in the association

request frame, determines the capability supported by the wireless client, and sends an association

response to the client to notify the client of the association result. Usually, a client can associate with

only one AP at a time, and an association process is always initiated by the client.

Other related frames

1) De-authentication

A de-authentication frame can be sent by either an AP or wireless client to break an existing link. In a

wireless system, de-authentication can occur due to many reasons, such as:

Receiving an association/disassociation frame from a client which is unauthenticated.

Receiving a data frame from a client which is unauthenticated.

Receiving a PS-poll frame from a client which is unauthenticated.

2) Dissociation

A dissociation frame can be sent by an AP or a wireless client to break the current wireless link. In a

wireless system, dissociation can occur due to many reasons, such as:

Receiving a data frame from a client which is authenticated and unassociated.

Receiving a PS-Poll frame from a client which is authenticated and unassociated.

A dissociation frame is either unicast or broadcast.

WLAN Data Security

Compared with wired networks, WLAN networks are more susceptible to attacks because all WLAN

devices share the same medium and thus every device can receive data from any other sending device.

If no security service is provided, plain-text data is transmitted over the WLAN.

To secure data transmission, 802.11 protocols provide some encryption methods to ensure that devices

without the right key cannot read encrypted data.

1) WEP

encryption

Wired Equivalent Privacy (WEP) was developed to protect data exchanged among authorized users in

a wireless LAN from casual eavesdropping. WEP uses RC4 encryption for confidentiality. WEP

encryption falls into static and dynamic encryption according to how a WEP key is generated.