dcsimg

Microsoft's Security Bid

By Ed Sutherland

http://www.wi-fiplanet.com/columns/article.php/3102561/Microsofts-Security-Bid.htm (Back to article)

Will software giant Microsoft's recently announced Wireless Provisioning Services (WPS) solve the nagging issues of security and configuration for Wi-Fi hotspot users and providers? Experts are already suggesting caution.

Unveiled Oct. 12 at ITU Telecom World 2003 in Geneva, Switzerland, the Redmond, Wash.-based company claims its upgrade to Windows XP and Windows Server 2003 software will improve security and configuration, long a problem for Wi-Fi hotspot users and operators.

The problems are well known. For users, especially business people using Wi-Fi to connect to their corporate LANs, security is paramount as tales spread of sensitive data being snatched out of the air by wireless hackers. Hotspot providers, such as T-Mobile Hotspot and others, see heightened Wi-Fi security as one path to increased corporate use.

Not far behind Wi-Fi security, is the headache of connecting and configuring a hotspot session. Hotspot users have been faced with the repeated entry of login information while operators have dealt with the quandary of billing. Microsoft's WPS hopes to ease the burden by automatically identifying users, establishing a connection and providing easy billing options.

Wi-Fi hotspot sessions, says Microsoft, will be secured by Wi-Fi Protected Access, the protocol developed by the non-profit Wi-Fi Alliance to replace the much-demeaned wired equivalent protocol (WEP) as a stepping stone to the long-awaited 802.11i security protocol.

The public Wi-Fi sessions will also be secured using 802.1X authentication, which employs protocols authenticating a user's identity.

WPS will require Windows XP for laptop hotspot users and Windows Server 2003 for hotspot operators. The client and server updates will be available free in the first quarter of 2004.

T-Mobile Hotspot, the largest hotspot operator in the United States with 3,000 sites, says it will use a beta of WPS in selected areas to start, and "the 802.1X security standard will be available at all T-Mobile Hotspot sites by the second quarter of 2004," according to Bryan Zidar, a T-Mobile spokesman.

Other hotspot providers and aggregators, including Boingo, Cometa and iPass, have announced their support for Microsoft's latest Wi-Fi venture.

To start, T-Mobile users will have to have Windows XP to use the WPS, but T-Mobile says it intends to eventually release security software for non-Windows XP users. Fans of Linux and other operating systems must rely on virtual private networks or third-party 802.1X clients such as those from Funk Software.

The need for hotspot users to employ Windows XP for their Wi-Fi security is just one of the issues making analyst doubt WPS is the answer.

While saying "it is a step in the right direction," Allen Nogee, analyst for In-Stat/MDR, says WPS "only helps Windows users at hotspots, and not users of PDAs and small handhelds."

Microsoft's Wi-Fi package is too little, too late, according to Julie Ask, analyst for JupiterResearch . Wireless Provisioning Services "helps a subset of their (Microsoft's) customers, but not consumers broadly," says Ask. "I would like to see them do more. I'd like to see WPS work with other operating systems. For sophisticated users, WPS "takes away control," according to Ask.

Ask believes Wi-Fi provisioning software must work with many companies -- not just one -- to really take off. "Apparently, some of the better client applications will be adopted in 2004," says Ask.

So, what are the experts suggesting to hotspot users looking for security? Considering Microsoft's track record, don't totally rely on WPS.

"I think users would be smart to only use WPS for provisioning and not to rely upon it for their full security," says Nogee. "A VPN is the best bet for security, wireless or not."