
802.11 insecurity



Security is still the main problem holding back deployment of all 802.11 products.

Many efforts are being made to solve the security issue, including encryption enhancements, VPN, authentication and the IEEE 802.11i standard. However, many users are still in "wait-and-see" mode because the security solutions are too expensive, too difficult to manage and not yet standardized enough.

Security issues for 802.11 have focused on Wired Equivalent Privacy encryption, which was demonstrated in 2001 to be hackable.

Here's an analysis of the available security options:

  • Media access control (MAC) attacks: One solution that is easy to implement -- but, unfortunately, fairly easy to defeat -- is configuring access points to permit only particular MAC addresses onto the network. Limiting permissible MAC addresses is a useful precaution. However, MAC addresses are easy to fake.

  • IEEE 802.1X: This standard, supported by Windows XP, defines a framework for MAC-level authentication. Unfortunately, two University of Maryland researchers recently noted serious flaws in client-side security for 802.1X.

  • VPNs: An approach that has great theoretical appeal is using a VPN to encrypt data on wireless networks. However, VPNs require a lot of management and client configuration.




  • Authentication: Another potential defense against airborne hackers is user authentication. Handspring experimented with software from Vernier Networks for authenticating users, as well as assigning rights for accessing the network based on factors such as location, time and job title. The system was useful, but Handspring decided that authentication alone, without strong encryption, was insufficient.

  • TKIP: The IEEE 802.11i committee has defined the Temporal Key Integrity Protocol (TKIP) as an interim standard, compatible with existing wireless networks, and designed to provide "good enough" security, pending a stronger standard. TKIP has been tested intensively, but has had a shorter testing period than usual for a critical security standard.

  • AES: Stronger wireless security will likely come with an 802.11i standard that includes Advanced Encryption Standard (AES) encryption. Unfortunately, an AES-based standard has yet to be approved and will require new hardware.

  • Nonstandard solutions: A number of small companies offer wireless security solutions that might be effective but have not been standardized or widely deployed. For instance, NextComm provides "key-hopping" technology that can change the encryption key as often as every few seconds. The idea is that by the time a perpetrator can extract a key, a different key will be in use.
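
The key-hopping idea from the last item, as an added sketch that is not from the article and is not NextComm's algorithm: both ends derive a short-lived key from a shared master secret and the current time interval. The 5-second interval, the HMAC-SHA-256 derivation, the clock-skew window and all names are assumptions, and an integrity tag stands in for encryption so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import struct
from typing import Optional

HOP_SECONDS = 5   # assumed hop interval ("every few seconds")
SKEW_EPOCHS = 1   # assumed tolerance: one interval of clock drift either way


def epoch_of(now: float) -> int:
    """Map a timestamp to the index of its hop interval."""
    return int(now // HOP_SECONDS)


def epoch_key(master: bytes, epoch: int) -> bytes:
    """One-way derivation: a recovered epoch key reveals neither the
    master secret nor the keys of other epochs."""
    label = b"hop" + struct.pack(">q", epoch)
    return hmac.new(master, label, hashlib.sha256).digest()[:16]


def protect(master: bytes, payload: bytes, now: float) -> bytes:
    """Sender: tag the payload under the key of the current epoch."""
    key = epoch_key(master, epoch_of(now))
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def accept(master: bytes, frame: bytes, now: float) -> Optional[bytes]:
    """Receiver: return the payload if its tag verifies under a key
    inside the skew window, otherwise None."""
    tag, payload = frame[:32], frame[32:]
    current = epoch_of(now)
    for epoch in range(current - SKEW_EPOCHS, current + SKEW_EPOCHS + 1):
        expected = hmac.new(epoch_key(master, epoch), payload, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return payload
    return None


def exposure_window() -> int:
    """Seconds during which a single epoch key is still accepted."""
    return HOP_SECONDS * (2 * SKEW_EPOCHS + 1)


if __name__ == "__main__":
    master = b"constructed-demo-secret"            # constructed sample value
    frame = protect(master, b"sensor reading", now=1000.0)
    print(accept(master, frame, now=1004.0))       # same interval
    print(accept(master, frame, now=1010.0))       # key has hopped away
    print(exposure_window())
```

A recovered epoch key stays usable for `exposure_window()` seconds, so the hop interval plus the skew tolerance has to be shorter than the expected key-recovery time, and the master secret becomes the asset to protect.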

    Hurwicz is a freelance writer in Eastsound, Wash. He can be reached at michael@hurwicz.com.

    Copyright, 1994-2006 Network World, Inc. All rights reserved.