Wi-Fi security in transition

* Enterprises using old Wi-Fi security need to seek budget for upgrades

We're all pretty much aware that 802.11 Wi-Fi has gone through several security transitions in its basic encryption/authentication mechanism. Most enterprises upgrade to the latest versions as they buy the newest products, which support the highest form of 802.11 security, 802.11i. 802.11i is also called Wireless Protected Access (WPA) 2 and uses a form of AES encryption.

But many companies have products kicking around that use older versions of security, including Wired Equivalent Privacy (WEP) and WPA, the precursor to WPA2 that uses Temporal Key Integrity Protocol (TKIP) for encryption. Many companies have been running WPA Mixed Mode, a proprietary technique used by Cisco and others to enable coexistence of older clients with newer access points (AP) supporting the enhanced security.

That's changing. Because the Wi-Fi Alliance (along with the rest of the industry) deems WEP and WPA to be inherently insecure, it is now instituting a phased plan to prohibit the older protocols from its product certification testing. Here are the phases:

* Jan. 1 2011: The Alliance will prohibit WPA (the version with TKIP for encryption) as a sole encryption method in APs it certifies. However, it will allow a transitional mode called WPA2 Mixed Mode (TKIP + AES) to exist in the devices.

* Jan. 1, 2012: The Alliance will prohibit WPA/TKIP in client devices in addition to APs.

* Jan. 1, 2013: WEP will be prohibited from Alliance-certified APs.

* Jan.1, 2014: WEP will be prohibited from Alliance-certified clients, in addition to APs. WPA2-Mixed Mode will also be prohibited."Support for WPA2 has been required of all Wi-Fi CERTIFIED products since 2006, so the majority of devices in use by the time the changes take effect will support the most advanced Wi-Fi security technology," according to a statement from the Alliance.

"Businesses whose networks still employ older encryption algorithms like TKIP should plan a migration roadmap for their networks now."

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Must read: 10 new UI features coming to Windows 10