• United States
Executive Editor

Wireless security standard could leave VPN vendors out in the cold

Mar 20, 20032 mins

* IEEE moves to address wireless security

When security risks associated with wireless LANs cropped up two years ago, the IPSec VPN vendors sounded a chorus of, “solve your problem with our gear.”

They were saying that if you put an IPSec VPN client on a wireless device and had it connect to a VPN server on the LAN side of the wireless access point, you’d protect the connection. And they were right. The link would be encrypted and require an authenticated user.

This is an interim solution at best. Setting up a VPN is not a simple task. Most people can learn how to do it, but there is a learning curve. Plus there will always be the problem that if you want to use a VPN, you have to distribute clients. That’s enough of a problem if you are distributing them to a standard group of company laptops or desktops. But wireless devices run the gamut from laptops to phones to PDAs – each of which would need its own client.

“There’s all these niggling details,” is how one wireless user put it when asked about reluctance to secure wireless networks with VPNs. After all, the point of wireless was to make networking mobile and easy.  Adding a VPN takes away the latter attraction.

The standards group IEEE is revising its standard for wireless LAN security that will fix the problems identified two years ago, and then security will be integrated right in wireless cards. The simplicity will return, and while the most demanding of users will want even more security, it will be good enough for most. The sign of its success will be that when equipment is available based on the new standard, those who tried the VPN option migrate away.