Your Best Defense Against an Attack

802.11 uses spread-spectrum technology, which sounds almost like background
noise to the average person. However, someone skilled in eavesdropping
techniques can determine the transmission parameters of the
802.11 signal in order to decode the spreading code and put it into
usable form.
One form of protection is to shield your facility by limiting the range
of your wireless equipment to those inside your corporate facilities only.
See Figure 3.5.
For example, frequency-hopping spread spectrum (FHSS) hops over
75 different frequencies with respect to a somewhat random code
sequence that both the transmitter and receiver lock onto. There are 22
distinct hopping patterns, selected by the transmitter using a designated
type of code. The receiver can detect a hop pattern and then synchronize
to the transmitter. The idea is to keep the pattern changing by
resetting the devices at specified intervals. This is one form of defense to
protect your FHSS pattern from being detected and used to listen in on
your network traffic.
In direct-sequence spread spectrum (DSSS), each data bit is segmented
into the signal in chips that are then migrated into a waveform transmitted
over several different frequencies. The receiver then blends the
chips to decode the original data signal. 802.11b uses 64 eight-bit code
words to segment the signal. When trying to listen in on that signal, the
hacker sees the DSSS signal as background wideband noise. Your
defense is to try to use several DSSS signals to make it appear that you
have overlapping 802.11b devices. While this may not prevent eavesdropping,
it makes it difficult to pick out one access point among many.
It is sometimes best to use a combination of the these two types of
systems to confuse any would-be attacker; this results in a better
method of defending your system against hackers interested in eavesdropping
on your systems. When dealing with FHSS, the hacker needs
to know the hopping patterns used in your wireless transmissions.
When dealing with systems running DSSS, the hacker needs to know
the chipping code or code words present in either 802.11 or 802.11b. In
addition, regardless of which method you deploy, the hacker must know
the frequency band and modulation to decode the transmitted data signal
correctly.

Since radio transmissions use a type of data scrambling for the purpose
of better timing and decoding of radio signals, the hacker must
know the specific pattern that he needs to decode information intercepted
from your WLAN. Another benefit in defending you is that neither FHSS
nor DSSS is interoperable; even though these two different types of systems
are using the same type of wireless transmission, they are not able
to communicate if they are using different frequency bands. DSSS is not able to talk to another system using DSSS if they are functioning on two
different frequencies. In addition, the hacker cannot use any given
spread-spectrum type of attack to intercept radio transmission by any
other mode of transmission. The hacker is also not able to intercept radio
transmissions without knowing the exact frequency used, regardless of
whether he or she owns a compatible 802.11 receiving device.
The main factor in keeping 802.11 secure from hackers is to make certain
that your hopping pattern or chipping code is not known to the hacker.
If the hacker does gain knowledge of these parameters (which are published
in the 802.11 standard) he could devise a method to determine your
modulation. This information can provide the hacker with the ability to
create a receiver to intercept and read the signals from your network.
There are numerous benefits in your spread-spectrum technology
that make it very difficult for the majority of interested hackers, so
802.11 is a reasonably secure platform for your WLAN.
The entire concept of spread-spectrum technology is to reduce the
amount of interference from other radio devices by spreading radio signals
over a huge range of frequencies. However, it is still possible for a
hacker to jam your signals. Your defense against this type of attack is to
insulate the exterior of your building so that radio signals from outside
the walls of your corporate WLAN have great difficulty in penetrating or
disrupting your network. This defense works two ways; insulating your
walls with shielding materials not only blocks out jamming devices, but
also serves to isolate your WLAN and make it much, much more difficult
to eavesdrop or log onto your network from any great distance
beyond your parking lot.
One of the more interesting defenses of your WLAN is to avoid using
radio waves in favor of using infrared types of transmissions. You can
use the same type of wireless connectivity, but you need to be in range
using line of sight to the infrared transmitter. There are numerous limitations
to these types of transmissions, but it is valid to point out that
with a good bit of strategy and placement you can effectively make it
exceedingly difficult for someone to compromise your WLAN.