Wi-Fi Plays Defense
The new 802.11i wireless LAN security standard is a step forward, but Wi-Fi LANs still aren't impervious to attacks.
Computerworld - Unbounded by the physical constraints of cabling and walls, wireless LANs have proved tricky to secure. Now that the long-awaited 802.11i standard for enhanced WLAN security has been ratified, can IT assume that WLANs have grown as secure as their cabled counterparts?
It will take time for vendors to migrate their products to 802.11i, approved in June, and for IT organizations to adopt them. And the Wi-Fi Alliance won't even start interoperability testing of 802.11i products until next month.
More important, 802.11i represents just the finishing touch to a series of steps in wireless security standards development. Much of it has already been available for about 18 months in an 802.11i subset called Wi-Fi Protected Access (WPA). And while standards-based security technology plays a big part in protecting enterprises, the issues reach beyond a signed set of technical specs.
For example, there's a broad installed base of specialized client devices, such as bar code scanners, that run the MS-DOS operating system. They are not upgradable, even to earlier versions of authentication and encryption, let alone to 802.11i, which requires Advanced Encryption Standard protection. AES will require hardware upgrades - even for far newer products. As enterprises expand their WLANs, these legacy devices might well become the weakest link in the wireless security chain.
And some administrators lack confidence in their ability to properly implement the various pieces of WLAN security, particularly since new attacks regularly make headlines.
Asserts Pete Davis, assistant network engineer for the Spring Independent School District in Spring, Texas, "It requires much time and effort to determine what's real and what's market-speak. There's a lot of FUD [fear, uncertainty and doubt] being spread about wireless security."
The formal 802.11i standard, which includes WPA, does bolster the confidentiality and integrity of WLANs. Tom Hagin, vice president of the wireless business practice at integrator NetXperts Inc. in San Ramon, Calif., says the standard has taken Wi-Fi security "from prepuberty to just past puberty."
"In the past six months, we haven't had anyone say they weren't going to install wireless because it isn't secure. Prior to that, we did," he says.
WPA, available in many WLAN network interface cards (NIC) and access points (AP), was developed after university researchers demonstrated the ease with which hackers could break static encryption keys in the 802.11's Wired Equivalent Privacy (WEP) mechanism in 2001. WPA requires products to rotate encryption keys on a per-packet basis so they are much harder to crack. WPA also uses the industry-standard 802.1x framework for strong user authentication.
And AES, the U.S. government block-cipher standard for 128-bit
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts