Cracking the wireless security code

We test 23 wireless products from 17 vendors to see if it is possible to deploy a secure wireless LAN with technology available today.

Is it possible to deploy a secure wireless LAN with technology available today? That question preys on the minds of IT executives who are tempted to deploy enterprise WLANs, but are hesitant because of security concerns.

So we assembled 23 wireless products from 17 vendors and ran them through a battery of tests aimed at getting the answer.

Wired Equivalent Privacy (WEP) is very weak in many products, and we don't recommend using it other than in very specialized cases. WEP's successor, Wi-Fi Protected Access (WPA) has flaws but provides solid security when combined with 802.1X authentication and deployed carefully. Ultimately, 802.11i, the standard that replaces WEP and WPA, will provide all the tools needed to protect WLANs.

Also see: Wireless router basics

To their credit, vendors are aggressively shipping products at all prices that support enterprise-class security features. Two-thirds of the products tested support 802.1X, and vendors are moving rapidly to comply with 802.11i standards.

Security picks

In this case, we focused entirely on security, and based on our testing, we drew some conclusions about which products would be the most secure additions to your network.

What we tested

The details on 23 products that we put under a security microscope with our battery of tests.

WEP: Stick a fork in it  

Tests show some vendors are lax about plugging WEP holes.

802.1X: A stepping stone

As an authentication standard for wired networks, 802.1X has a happy side effect when used with WLANs: It gives you per-user, per-session WEP keys.

WPA - An accident waiting to happen

WPA can be a better option. Unfortunately, the easiest way to use it actually makes it easier to crack than WEP.

802.11i: The next big thing

The IEEE standard called Robust Security Networking is a force to be reckoned with.

Security standards aside, lock down your boxes, boys!

To build a secure wireless network, it's not enough to watch the airwaves. You must lock down the access points, much like the rest of your network infrastructure.

Wireless Access Point: Wire-side security testing (PDF)

Find out which of the 15 access points and wireless switch vendors leave the back door to your WLAN wide open.

How to do it: Securing your wireless LAN

We're left with the question: How do you secure your WLAN?

Tools, not standards, that help tie down wireless nets

Security standards aside, wireless gear vendors are peppering their products with other features that can help secure WLANs, including access controls, VPN technologies and tools to locate and lock out rogue users.

Glossary of wireless security terms

A laundry list of terminology used to describe wireless and wireless security.

Explaining TKIP

Temporal Key Integrity Protocol (TKIP), as defined by the IEEE 802.11i specification, addresses the encryption part of the wireless security equation.

How we did it

How we tested the security of various wireless access points and switches.

Learn more about this topic

NW Lab Alliance

Snyder and Thayer are also members of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.