Cisco to share WLAN security technology

Makers of 802.11 wireless LAN clients now can make their products support special security features offered in Cisco wireless networks under Cisco Compatible Extensions (CCX), a licensing and testing program announced Monday.

Makers of 802.11 wireless LAN clients now can make their products support special security features offered in Cisco wireless networks under Cisco Compatible Extensions (CCX), a licensing and testing program announced Monday.

Cisco will license technology free of charge to client silicon makers for supporting enhanced security capabilities Cisco has developed for enterprise WLANs, the company said in a Webcast with initial partners including Intel, IBM and wireless silicon vendor Atheros Communications. The security features, some of which Cisco already includes in its gear, complement rather than replace industry standards, the companies said.

Enterprises are facing “a hefty grassroots push” for wireless LAN deployment and need to be able to manage and secure any WLANs on their premises, said Chris Kozup, an analyst at Meta Group who moderated the Webcast. The security mechanisms built into the 802.11 WLAN standard have come under fire as not safe enough, and Cisco already offers additional security features for its gear, which primarily is aimed at enterprises.

Cisco also said it will focus its wireless LAN silicon development on access points, the devices at the hubs of WLANs, and move away from being a client hardware vendor. It will continue selling Cisco-branded clients to companies that want to use Cisco as a one-stop shop.

With wireless capability going into the guts of many different devices, such as handheld computers, mobile phones and notebook computers, Cisco is leaving it up to others to develop wireless silicon for them, said Bill Rossi, vice president of Cisco’s wireless networking unit. Makers of devices and PCs that want Cisco’s enterprise-class security in their wireless-enabled products now will have more component sources to choose from, he added.

“It used to be they had to buy a Cisco solution and embed it in their devices. … Now they have a choice. They’re not being driven to a particular vendor’s solution as they were in the past,” Rossi said.

The new security capabilities will be integrated initially into client adapters and eventually into mobile devices, according to Cisco. In most cases, adapting current client products to support CCX will require only a firmware upgrade, Rossi said. After testing for interoperability with the Cisco WLAN infrastructure, Cisco will certify the product as compliant with the specifications.

Cisco has already developed a CCX specification that includes the company’s implementations of strong user authentication and encryption, Rossi said. CCX Version 1 includes compliance with the Cisco Wireless Security Suite, compatibility with Cisco’s mechanism for assigning WLAN clients to virtual LANs, and full Wi-Fi and 802.11 standards compliance, according to the company.

CCX Version 2 will add support for the IEEE 802.1x authentication type PEAP (Protected Extensible Authentication Protocol) and compliance with WPA (Wi-Fi Protected Access) when using various 802.1x authentication types. It also will have some new Cisco WLAN capabilities that improve roaming and WLAN management, according to a company statement. WPA is a specification developed by the Wi-Fi Alliance industry group. CCX Version 2 will be released to partners in the next 30 to 60 days, Cisco said.

Over time, Cisco expects partners to contribute to CCX specifications.

“I would fully expect (partners) to come up with unique things … that might make sense to be both in the client and in the infrastructure,” Rossi said.

Atheros announced Monday that its multimode 802.11a/b PC Card design based on its AR5001X chipset has been certified under CCX 1.0. Atheros supplies wireless LAN components to several large notebook PC vendors, according to a company statement.

Other current CCX partners include Texas Instruments, Intersil, Atmel, Agere Systems and Marvell Semiconductor.