Searching for Wi-Fi Security Solutions - Page 2
July 14, 2003
The Ideal, Integrated Security Solution
For Wi-Fi to be successful, access control must be easy to implement with minimal operations impact, capital outlay, and labor expenses. Vendors who highlighted access control often stressed the need for integrated enterprise network management of Wi-Fi and wired technologies. RADIUS is the most popular back-end technology in these vendors’ architectures, although not the only one.
Many vendors also address the need for scalability. Because Wi-Fi hosts are mobile, the access control systems perform more transactions per Wi-Fi host than they would for an equivalent wired host. In addition, mobility highlights issues that are not usually factors in wired networks, such as controlling access based on physical location and network loading rather than just identity.
Unfortunately, the standards for wireless LAN security are in a state of flux. The original 802.11 standard includes a mechanism called “Wired Equivalent Privacy” (WEP) as an option. While WEP does address the encryption of keys, it doesn't address key distribution, a major weakness. Various other criticisms have been leveled at the WEP architecture design as well, and as a result, the IEEE has gone back to the drawing board.
The IEEE 802.11i task group has been working on a new standard for MAC Enhancements for Enhanced Security. Draft 4.0 was circulated for votes in June. In the meantime, some vendors have extended or altered the implementation of WEP in their products. To add to the confusion, Cisco has introduced its own proprietary standard (LEAP), and the Wi-Fi Alliance has promoted the use of Wi-Fi Protected Access (WPA) for pre-802.11i equipment.
Should you invest in wireless technology or wait for the industry to mature a bit more? The wireless industry is still young; with so many start-ups, industry consolidation is inevitable. Some vendors will be acquired, while others simply will not survive. Since there is no way to be certain what will happen to your equipment’s vendor, buying standards-based products is a form of life insurance for your capital investment in Wi-Fi.
It's good to see that the industry is finally putting security front and center. With the IEEE task force working on additional security enhancements, the quality of wireless product security will only improve. Still, unless you have very strong security requirements, today’s wireless security will be “good enough” to meet your needs. Just make sure you purchase products that comply with the latest 802.11 standards — and for goodness’ sake, do not forget to properly configure and enable the security features!
IEEE P802.11 – The Working Group for Wireless LANs (follow links for 802.11i information)
Wi-Fi Alliance’s Wi-Fi Protected Access (WPA) Site
Jupiterevents (for upcoming 802.11 Planet events)
Beth Cohen is president of Luth Computer Specialists, Inc., a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in a number of different fields, including architecture, construction, engineering, software, telecommunications, and research. She is currently consulting, teaching college IT courses, and writing a book about IT for the small enterprise.
Debbie Deutsch is a principal of Beech Tree Associates, a data networking and information assurance consultancy. She is a data networking industry veteran with 25 years’ experience as a technologist, product manager, and consultant, including contributing to the development of the X.500 series of standards and managing certificate-signing and certificate management system products. Her expertise spans wired and wireless technologies for Enterprise, Carrier, and DoD markets.