Securing WLANs still a hit or miss proposition

Securing wireless LANs is a growing challenge with no easy solutions.

The need to spend time, money and staff to beef up security is hobbling the technology, even so customers still spent $1.68 billion on wireless gear in 2002 and are expected to spend $2.72 billion by 2006, according to Infonetics Research.

The IEEE is expected to fix wireless LAN security flaws by year-end with a new standard to be called 802.11i. That will purportedly clear up the problems identified with its predecessor called Wired Equivalent Privacy (WEP), namely that its authentication messages are forged easily and its encryption keys are poorly protected.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Securing wireless LANs is a growing challenge with no easy solutions.

The need to spend time, money and staff to beef up security is hobbling the technology, even so customers still spent $1.68 billion on wireless gear in 2002 and are expected to spend $2.72 billion by 2006, according to Infonetics Research.

The IEEE is expected to fix wireless LAN security flaws by year-end with a new standard to be called 802.11i. That will purportedly clear up the problems identified with its predecessor called Wired Equivalent Privacy (WEP), namely that its authentication messages are forged easily and its encryption keys are poorly protected.

In the meantime, users that require secure wireless LANs are turning to supplemental security, which falls into two camps: IP Security (IPSec) remote-access VPN gear and equipment made by a pack of mainly young companies specializing in wireless LAN security, among them Bluesocket, Cranite Systems, Fortress Technologies, ReefEdge and Vernier Networks.

While IPSec addresses the security problems, it is not perfect and brings along all the shortcomings it has in a wired network.

For example, the technology handles only IP traffic, not IPX or Appletalk. It requires client software on all the remote machines. IPSec tunnels are point-to-point, so multicasting traffic wastes a lot of bandwidth setting up all those tunnels.