Wi-Fi phones are still awaiting the Wi-Fi fast-roaming standard, 802.11r, to allow them to catch up to the enterprise-class security capabilities of data devices.
802.11r was once anticipated for completion in late 2006, but we’re now looking at spring 2008 for IEEE 802.11 Task Group R final board approval.
802.11r aims to minimize the interaction between Wi-Fi access points and backend RADIUS authentication servers by standardizing how some client credentials are cached in an AP. RADIUS authentication is required for 802.11i Wi-Fi Protected Access 2-Enterprise Mode (WPA2-EM) security, and WPA2-EM requires client re-authentication by the centralized server every time an AP handoff occurs.
The idea behind 802.11r is to speed up the handoff of a user client device and associated credentials from one AP to another when the user roams or the client re-associates with a new AP for other reasons. Today’s WPA2-EM re-authentication times can inject too much delay into the handoff process for voice to tolerate, notes Ben Guderian, a vice president at Polycom/SpectraLink, a veteran in wireless telephony for businesses.
Once 802.11r is ratified and supported in handsets and APs, WPA2-EM, which uses the 802.1X security framework, should theoretically work in Vo-Fi deployments.
In the interim, some Wi-Fi companies, such as Cisco, support proprietary fast-roaming capabilities. And most Vo-Fi-capable handsets support WPA2-Personal Mode, also called Pre-Shared Key (PSK) mode. WPA2-PSK affords pretty strong security, but requires some tradeoffs for usability. Its main foible is that it shares a single passkey among all APs in the Wi-Fi network, so a compromise in the passkey would threaten the entire network.
The good news is that, unlike earlier 802.11 security versions, the key isn’t sent over the air, and it is not discoverable by backing out of the data transmitted, says Guderian.
“The biggest risk is that an administrator puts the passkey on a Post-It note and someone reads it,” he says.
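The WPA2-PSK key derivation makes the shared-passkey tradeoff concrete. The sketch below is an added example, not code from the article or from any vendor: it derives the master key from the passphrase and SSID alone, then derives per-association session keys from values exchanged in the handshake. The MAC addresses and nonces are constructed sample values (real nonces are random), and the "password"/"IEEE" pair is the PSK test vector published in IEEE 802.11i.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, salted with the SSID, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Per-association PTK for CCMP (48 bytes: KCK | KEK | TK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values (locally administered MACs, fixed nonces).
SSID, PASSPHRASE = "IEEE", "password"
AP_A = bytes.fromhex("020000000a01")
AP_B = bytes.fromhex("020000000a02")
HANDSET = bytes.fromhex("020000000b01")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def demo():
    # The PMK depends only on passphrase and SSID: every AP and every
    # handset on the network computes the same 32 bytes.
    pmk = derive_pmk(PASSPHRASE, SSID)
    # Only MACs, nonces and MICs cross the air; the PMK itself never does.
    ptk_a = derive_ptk(pmk, AP_A, HANDSET, ANONCE, SNONCE)
    ptk_b = derive_ptk(pmk, AP_B, HANDSET, ANONCE, SNONCE)
    return pmk, ptk_a, ptk_b

if __name__ == "__main__":
    pmk, ptk_a, ptk_b = demo()
    print("PMK (same on every AP):", pmk.hex())
    print("PTK via AP A:", ptk_a.hex())
    print("PTK via AP B:", ptk_b.hex())
```

Because the AP's address never enters the PMK computation, a changed passphrase has to be pushed to every AP and handset at once, while the session keys differ for each association.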