Wi-Fi Plays Defense

Computerworld - Unbounded by the physical constraints of cabling and walls, wireless LANs have proved tricky to secure. Now that the long-awaited 802.11i standard for enhanced WLAN security has been ratified, can IT assume that WLANs have grown as secure as their cabled counterparts?
Hardly.
It will take time for vendors to migrate their products to 802.11i, approved in June, and for IT organizations to adopt them. And the Wi-Fi Alliance won't even start interoperability testing of 802.11i products until next month.
More important, 802.11i represents just the finishing touch to a series of steps in wireless security standards development. Much of it has already been available for about 18 months in an 802.11i subset called Wi-Fi Protected Access (WPA). And while standards-based security technology plays a big part in protecting enterprises, the issues reach beyond a signed set of technical specs.
For example, there's a broad installed base of specialized client devices, such as bar code scanners, that run the MS-DOS operating system. They are not upgradable, even to earlier versions of authentication and encryption, let alone to 802.11i, which requires Advanced Encryption Standard protection. AES will require hardware upgrades - even for far newer products. As enterprises expand their WLANs, these legacy devices might well become the weakest link in the wireless security chain.
And some administrators lack confidence in their ability to properly implement the various pieces of WLAN security, particularly since new attacks regularly make headlines.
Asserts Pete Davis, assistant network engineer for the Spring Independent School District in Spring, Texas, "It requires much time and effort to determine what's real and what's market-speak. There's a lot of FUD [fear, uncertainty and doubt] being spread about wireless security."
Technology Headway
The formal 802.11i standard, which includes WPA, does bolster the confidentiality and integrity of WLANs. Tom Hagin, vice president of the wireless business practice at integrator NetXperts Inc. in San Ramon, Calif., says the standard has taken Wi-Fi security "from prepuberty to just past puberty."
"In the past six months, we haven't had anyone say they weren't going to install wireless because it isn't secure. Prior to that, we did," he says.
WPA, available in many WLAN network interface cards (NIC) and access points (AP), was developed after university researchers demonstrated the ease with which hackers could break static encryption keys in the 802.11's Wired Equivalent Privacy (WEP) mechanism in 2001. WPA requires products to rotate encryption keys on a per-packet basis so they are much harder to crack. WPA also uses the industry-standard 802.1x framework for strong user authentication.
And AES, the U.S. government block-cipher standard for 128-bit