Wireless IEEE 802.11 LANs

IEEE has established the standard for WLANs. This particular standard is numbered 802.11 and was established in 1997. Subsequent amendments have been added to the standard to address connections at a higher radio frequency.

Establishing a standard ensures that all WLANs can operate with one another and that the controls for the networks are similar. Enabling WLANs within an organization is an easy way to control access, especially if people are not permanently located at the facility. In addition, an organization may have an area in the building where customers are allowed to gain network access. Instead of having multiple wired network connections, a wireless access point may be added to allow many people access to the network with little effort.

Access Control to IEEE 802.11 WLANs

A service set identifier (SSID) identifies a wireless network. It is the friendly name displayed to network users. For example, an organization might have two SSIDs: AcmeWidgets-Employees and AcmeWidgets-Guests, designated for their private and guest networks. All APs within range display their SSIDs, if they aren’t configured to hide them.

Some APs may have security enabled, such as Wi-Fi Protected Access (WPA). An attacker can connect directly to an access point if no security or access controls are configured on the AP. This creates an enormous risk to an organization and all of the information maintained on the internal network.

Identification

Enabling the MAC address table on a wireless AP limits the devices that are able to connect directly to it. For example, a building may hold a single company on each floor, and each of these companies may have several access points. Allowing the company on the 7th floor to get on the network of the company on the 8th floor is a security risk. Security may be enabled on each of the APs, but directly limiting the devices that are able to connect to the APs adds defense in depth. In practice, very few companies use MAC address filtering because of the heavy burden of maintaining MAC tables each time the organization purchases a new device.

WARNING

Wired Equivalent Privacy (WEP) is not secure and should not be used. WPA provides stronger security and should always be used to protect wireless connections.

Confidentiality

WEP was designed to provide encryption between an access point and a client. The WEP algorithm uses a secret key to protect the confidentiality of the information between the two devices attempting to connect. Tools were developed shortly after the release of WEP to break its encryption. If an attacker uses such tools and the encryption fails, the communication between the AP and the client is effectively in cleartext. WEP combines a fixed 40- or 104-bit key with a 24-bit initialization vector (IV); these are the two components of its secret key. Because the IV is relatively short, IV values repeat on a monitored network, so the key shows repetitions that enable the attacker to obtain the base key. The short IV is what causes the encryption to break. Therefore, it is strongly advised not to use WEP.

WPA provides much greater security than WEP. WPA was developed in 2003 by the Wi-Fi Alliance and is now in its third version. The different WPA standards include:

Authorization

Having access to WLANs may require you to accept certain risks or agreements that the work being done on the network will not compromise the network or the organization that the network belongs to. A banner message may appear before the organization allows you access to other resources. This protects the party providing the wireless connection and ensures that whatever activities occur on the network are not something the organization supports.

For example, Alexandra may use the WLAN at her local coffee shop to snoop on other systems using those access points. The coffee shop does not agree with Alexandra doing this, but the shop is not capable of monitoring her work. The coffee shop, or its Internet service provider (ISP), can add a disclaimer letting others know that there are security risks to being on the WLAN. The warning provides transparency to customers and removes liability for the coffee shop.
