Wi-Fi Plays Defense
The new 802.11i wireless LAN security standard is a step forward, but Wi-Fi LANs still aren't impervious to attacks.
Computerworld - Unbounded by the physical constraints of cabling and walls, wireless LANs have proved tricky to secure. Now that the long-awaited 802.11i standard for enhanced WLAN security has been ratified, can IT assume that WLANs have grown as secure as their cabled counterparts?
It will take time for vendors to migrate their products to 802.11i, approved in June, and for IT organizations to adopt them. And the Wi-Fi Alliance won't even start interoperability testing of 802.11i products until next month.
More important, 802.11i represents just the finishing touch to a series of steps in wireless security standards development. Much of it has already been available for about 18 months in an 802.11i subset called Wi-Fi Protected Access (WPA). And while standards-based security technology plays a big part in protecting enterprises, the issues reach beyond a signed set of technical specs.
For example, there's a broad installed base of specialized client devices, such as bar code scanners, that run the MS-DOS operating system. They are not upgradable, even to earlier versions of authentication and encryption, let alone to 802.11i, which requires Advanced Encryption Standard protection. AES will require hardware upgrades - even for far newer products. As enterprises expand their WLANs, these legacy devices might well become the weakest link in the wireless security chain.
And some administrators lack confidence in their ability to properly implement the various pieces of WLAN security, particularly since new attacks regularly make headlines.
Asserts Pete Davis, assistant network engineer for the Spring Independent School District in Spring, Texas, "It requires much time and effort to determine what's real and what's market-speak. There's a lot of FUD [fear, uncertainty and doubt] being spread about wireless security."
The formal 802.11i standard, which includes WPA, does bolster the confidentiality and integrity of WLANs. Tom Hagin, vice president of the wireless business practice at integrator NetXperts Inc. in San Ramon, Calif., says the standard has taken Wi-Fi security "from prepuberty to just past puberty."
"In the past six months, we haven't had anyone say they weren't going to install wireless because it isn't secure. Prior to that, we did," he says.
WPA, available in many WLAN network interface cards (NIC) and access points (AP), was developed after university researchers demonstrated the ease with which hackers could break static encryption keys in the 802.11's Wired Equivalent Privacy (WEP) mechanism in 2001. WPA requires products to rotate encryption keys on a per-packet basis so they are much harder to crack. WPA also uses the industry-standard 802.1x framework for strong user authentication.
And AES, the U.S. government block-cipher standard for 128-bit
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- Building an Intelligence-Driven Security Operations Center The openness of today's networks and the growing sophistication of advanced threats make it almost impossible to prevent cyber attacks and intrusions.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!