802.11i: The next big thing

The IEEE standard called Robust Security Networking is a force to be reckoned with. As an amendment to the original 802.11 WLAN standard, 802.11i replaces the original meager 10-page WEP discussion with more than 200 pages of detailed protocol on how to lock unwanted users out of your wireless network.

This is the good stuff.


The standard was approved in July, and 802.11i products have started to appear on the market. Even though we received our test equipment before the final draft of the standard was ratified, 3Com, Airespace, Belkin, Buffalo, Proxim, SMC and Trapeze all had some pieces of 802.11i included with the hardware we tested.

The primary difference between the final version of 802.11i and the scaled-down version that the Wi-Fi Alliance published as WPA is AES. RC4, the streaming encryption algorithm used in WEP and WPA, was not designed for use in packet-oriented Ethernet environments, because packet-oriented transmission has to "restart" RC4 at the beginning of each packet, a process that can lead to a variety of attacks. AES resolves those issues.
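The per-packet "restart" described above can be seen in a few lines of Python. This is an added illustration, not code from the article or from any vendor: it uses the WEP construction (RC4 keyed with a 24-bit IV prepended to the shared key), and the key, IVs and payloads are constructed sample values.

```python
# Added illustration: why restarting RC4 for every packet is risky.
# SECRET, the IVs and the payloads below are constructed sample values.

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling (KSA), then keystream XORed onto the data."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA: mix the key into the state
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # PRGA: one keystream byte per input byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_style_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """RC4 restarted per packet with key = IV || secret, as WEP does.
    The integrity value WEP appends is omitted; only the keystream matters here."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    return rc4(iv + secret, payload)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

SECRET = bytes.fromhex("0102030405")           # constructed 40-bit shared key
P1 = b"GET /index.html "                       # constructed 16-byte payloads
P2 = b"user=alice&id=42"

def demo() -> dict:
    c1 = wep_style_encrypt(b"\x00\x00\x01", SECRET, P1)
    c2 = wep_style_encrypt(b"\x00\x00\x01", SECRET, P2)   # same IV: same keystream
    c3 = wep_style_encrypt(b"\x00\x00\x02", SECRET, P2)   # fresh IV: new keystream
    return {
        # With a repeated IV the keystream cancels out and the ciphertexts
        # reveal the XOR of the two plaintexts without any key material.
        "repeated_iv_leaks_plaintext_xor": xor(c1, c2) == xor(P1, P2),
        "fresh_iv_leaks_plaintext_xor": xor(c1, c3) == xor(P1, P2),
    }

if __name__ == "__main__":
    print(demo())
```

Because the IV is only 24 bits, repeats are unavoidable on a busy network, which is why the per-packet key must never recur under the same shared secret.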

The Wi-Fi Alliance has expanded the WPA program by publishing a subset of 802.11i as WPA2. Early in September, it announced that products from six manufacturers had been certified for WPA2 compliance. These manufacturers include Atheros, Broadcom, Intel and Realtek, four of the most significant manufacturers of the wireless chips that make up everyone else's cards, access points and laptops. Based on this early adoption, we can expect an explosion of 802.11i-compatible products, as vendors that already have modern chipsets from these manufacturers in current products will be able to turn on 802.11i compatibility without swapping out hardware.

Like WPA, 802.11i includes 802.1X authentication as a core feature. But the same authentication caveat applies as with WPA: PSK authentication is a poor choice for network security and is highly vulnerable if the PSK is not long enough and is not changed frequently enough.

Copyright © 2004 IDG Communications, Inc.
