Skip Links

Cracking the wireless security code

By and , Network World
October 04, 2004 12:07 AM ET

Network World - Is it possible to deploy a secure wireless LAN with technology available today? That question preys on the minds of IT executives who are tempted to deploy enterprise WLANs, but are hesitant because of security concerns.

So we assembled 23 wireless products from 17 vendors and ran them through a battery of tests aimed at getting the answer.

Wired Equivalent Privacy (WEP) is very weak in many products, and we don't recommend using it other than in very specialized cases. WEP's successor, Wi-Fi Protected Access (WPA) has flaws but provides solid security when combined with 802.1X authentication and deployed carefully. Ultimately, 802.11i, the standard that replaces WEP and WPA, will provide all the tools needed to protect WLANs.

Also see: Wireless router basics

To their credit, vendors are aggressively shipping products at all prices that support enterprise-class security features. Two-thirds of the products tested support 802.1X, and vendors are moving rapidly to comply with 802.11i standards.

Security picks
In this case, we focused entirely on security, and based on our testing, we drew some conclusions about which products would be the most secure additions to your network.

What we tested
The details on 23 products that we put under a security microscope with our battery of tests.

WEP: Stick a fork in it  
Tests show some vendors are lax about plugging WEP holes.

802.1X: A stepping stone
As an authentication standard for wired networks, 802.1X has a happy side effect when used with WLANs: It gives you per-user, per-session WEP keys.

WPA - An accident waiting to happen
WPA can be a better option. Unfortunately, the easiest way to use it actually makes it easier to crack than WEP.

802.11i: The next big thing
The IEEE standard called Robust Security Networking is a force to be reckoned with.

Security standards aside, lock down your boxes, boys!
To build a secure wireless network, it's not enough to watch the airwaves. You must lock down the access points, much like the rest of your network infrastructure.

Wireless Access Point: Wire-side security testing (PDF)
Find out which of the 15 access points and wireless switch vendors leave the back door to your WLAN wide open.

How to do it: Securing your wireless LAN
We're left with the question: How do you secure your WLAN?

Tools, not standards, that help tie down wireless nets
Security standards aside, wireless gear vendors are peppering their products with other features that can help secure WLANs, including access controls, VPN technologies and tools to locate and lock out rogue users.

Glossary of wireless security terms
A laundry list of terminology used to describe wireless and wireless security.

Explaining TKIP
Temporal Key Integrity Protocol (TKIP), as defined by the IEEE 802.11i specification, addresses the encryption part of the wireless security equation.

How we did it
How we tested the security of various wireless access points and switches.

Read more about wireless & mobile in Network World's Wireless & Mobile section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News