Wireless security: The case for VPNs

Computerworld - If you talk with any one of the growing multitudes of people using Wi-Fi technology today, you'd think you were listening to an infomercial. The response and adoption has been that good. The technology is being liberally embraced everywhere, from the traditional enterprise to universities, airports and malls. Despite the positive response, the Achilles' heel of the technology, either real or imagined, has always been the notion of security.
Historically, Wi-Fi technologies have been driven by the IEEE 802.11 working groups, which have undertaken much of the heavy lifting involved in making interoperable wireless local-area networking possible. Despite their remarkable achievements in this space, one of the trade-offs, from a technology standpoint, has been security.
As such, the initial solution was a rather meek approach called 40-bit WEP, or Wired Equivalent Privacy. WEP, the security mechanism initially built into all standard 802.11 products, encrypts data on the wireless network but is flawed because it reuses the same encryption key, which could allow a hacker to figure out that key from a small amount of traffic. This is causing security-conscious network managers to sprout premature gray hairs. Wi-Fi access to the LAN puts critical information out in the open and has the potential to provide further LAN exposure to unauthorized parties. Because of this and all that has gone on domestically and geopolitically over the past couple of years, there has been reluctance by some enterprises and government agencies to adopt the technology.
To allay many of these fears and to encourage adoption, the IEEE has been working on a task team for a security standard to be called 802.11i. However, a ratified standard is still some time away. The Wi-Fi Alliance (WFA) provided a sneak peek of 802.11i in an approach called Wi-Fi Protected Access (WPA), which has been a good start. Interoperability testing is under way, and WFA- and WPA-certified products are expected to hit the market in the next several months.
Despite the progress, this approach still isn't exactly what enterprises, government agencies and service providers need. Specifically, there are concerns over support for operating systems (other than Windows XP), and there are also concerns over installation and integration with other enterprise technologies such as Remote Authentication Dial-In User Service servers. The WPA standard is also under investigation by a number of security experts who have found some possible problems, such as "man in the middle" attacks, whereby a hacker can pose as a rogue access point and hijack a user session.
How VPNs fit
The approach to