Beefing Up WLAN Security

By Eric Griffith

July 29, 2002

Wavelink is announcing two security solutions for existing 802.11-based networks -- one is automatic WEP key rotation to keep hackers out, another uses existing clients to find rogue WLANs that are already in.

Kirkland, WA-based Wavelink is announcing today new security solutions for existing business WLANs -- automatic WEP key rotation and rogue WLAN identification -- that don't require a complete infrastructure change to implement.

"IEEE is putting together proposals to solve [security issues], such as TKIP and 802.1X... but there are problems," says Wavelink CEO David Bullis. "It will be a year or so before that's ratified, and a big portion of the installed equipment can't use it, either because they're older or the complexity is too cumbersome."

Wavelink's solution is an addition to its products Avalanche (on the clients and server) and Mobile Manager (on the server for controlling access points). Using a "master key" technology, new WEP (wired equivalent privacy) keys are automatically generated on whatever schedule you set. Because each system knows the master key, client systems don't need to be turned on at all times -- when activated, the client will compute the key needed based on the date and time.

"We've simulated up to 12 years of off time. All the client needs to know is the time of day," says Bullis.

"It doesn't change the 80211 standard, it uses what's there," he adds. It will also work easily with other authentication standards like 802.1X or Cisco's LEAP.

Using a master key means no one can steal your WEP keys easily -- no more passive attacks from RF sniffers. Changing the actual master key does require communication between client and server, however.

Wavelink's WEP key rotation is currently in beta trials, but should be available for download use in Avalanche and Mobile Manager by August 7. The technology has been created to works on products from vendors like Symbol, Cisco, PSC, Fujitsu, Intermec, and others.

The other part of Wavelink's new security is to use the rogue WLANs occasionally setup by employees, whether well intentioned or not, inside an business.

"The problem is there are two classes [of access points]," says Bullis, "the commercial access points that have some control, that you can manage with Mobile Manager, lock down security parameters, [etc.,] and the other class such as D-Link or Linksys that are a transparent MAC layer bridge, they just sit on the network and tie the network to the wireless device.

"What enterprise customers worry about, and it's happened many places even if they don't like to talk about it, is employees bring them in from home and try them in the office. From that point the office is wide open."

Avalanche-based clients can be leveraged to monitor the RF environment they live in for monitoring. The software will tell the Mobile Manager what all the known devices are on the network, then identify foreign wireless devices, and keep track of them for any traffic they generate. Alerts will be sent to IT staff so they can shut down routers to prevent the rogue from getting access -- or barring that, at least let them know where to physically find the rogue access point.

"That's still better than walking around the building to find it," says Bullis.

The rogue WLAN detection is still in testing and will not be part of Avalanche until the fourth quarter of 2002.

Both the automatic WEP key changing and rogue WLAN detection will be free upgrades for existing users of Wavelink Avalanche 3.0 (which works on all version of Windows, DOS, and Palm) and Mobile Manager 5.0. The technology will be included in all future shipping versions of the product.

Eric Griffith is the managing editor of 802.11 Planet.

Got a comment or question? Discuss it in the 802.11 Planet Forums


Comment and Contribute
(Maximum characters: 1200). You have
characters left.