New WPA wireless security on its way

Not a moment too soon

The Register's Wireless LAN Channel

Virtually no one has a kind word to say about Wired Equivalent Privacy (WEP), the standard for securing data transmissions on Wi-Fi networks, writes Anne Zieger. WEP, which relies on cryptography that can be cracked with a half-hour of laptop time, isn't well-defended, but until recently it's all Wi-Fi fans had.

Things are due to change soon as Wi-Fi Protected Access (WPA), the next-gen Wi-Fi security standard, becomes the accepted security approach for Wi-Fi networks. WPA is giving vendors a strong incentive to roll out new Wi-Fi product lines, abandoning the previous generation of wireless networking approaches.

WPA is backed by the Wi-Fi Alliance, a vendor consortium whose membership includes Cisco, Dell, Intel, Intersil, Microsoft, Nokia, Philips, Sony, Symbol Technologies, and Texas Instruments. Offering codebreaker-hostile features like Temporal Key Integrity Protocol (TKIP), the stronger WPA makes Wi-Fi-based LANs look a lot less exposed.

Products supporting WPA, a subset of the pending 802.11i standard, have already begun appearing on the market. Dozens of vendors have already received Wi-Fi Alliance certification for WPA-based Wi-Fi access points, internal and external PC cards, wireless print servers, USB and Ethernet client adapters, and application-specific devices. The full 802.11i version, known as WPA2, should be released sometime next year, and will be compatible with the current wave of WPA technology.

Industry players say the WPA release isn't a moment too soon. WEP security, many say, is not much better than nothing at all. For one thing, WEP keys can be hacked using a number of readily available tools, including WEPCrack and AirSnort. Using TKIP, on the other hand, up to 500 trillion possible keys can be used with a given data packet, making brute-force cracking virtually impossible.

If companies want to try Wi-Fi on the cheap before they make an investment in this next generation of Wi-Fi technology, they can find open source applications for at least some Wi-Fi infrastructure pieces. Options like the OpenAP open source access point developed by Instant 802 Networks give companies a chance to play with Wi-Fi infrastructure before they pick up the check. Another effort, the linux-wlan project, is creating a complete standards-based open source WLAN infrastructure running over Linux.

Once an end-user organisation goes WPA, however, it needs to go all the way, and WEP-based open source products may not be ready with WPA versions quickly enough. Though some wireless access points offer dual-mode security using both WPA and WEP, WPA isn't directly compatible with WEP. The Wi-Fi Alliance doesn't recommend juggling the two for any length of time, as this approach leaves a network just as open as WEP alone.

If companies are using 802.1X security, they're ahead of the game. WPA relies on 802.1X authentication, working in combination with one of the standard Extensible Authentication Protocol (EAP) types, and works with several EAP subtypes, including Cisco's LEAP (Lightweight Extensible Authentication Protocol). EAP handles the presentation of users' credentials across many formats, including digital certificates, unique usernames and passwords, smart cards, and secure IDs.

Enterprises transitioning from older WLAN infrastructure to Wi-Fi, however, face a separate and potentially more difficult problem. The emergence of WPA - and the legitimacy it adds to Wi-Fi - has turned vendors off to older, proprietary WLAN technologies. In coming months, much of the gear from leading WLAN vendors will work exclusively via Wi-Fi, rather than proprietary 900MHz or 2.4GHz implementations. Enterprises hoping to upgrade their old proprietary equipment with newer proprietary equipment, in other words, will soon be out of luck.

Looked at one way, WPA has given vendors a good excuse to roll out new Wi-Fi product lines which may - surprise! - require at least some customers to buy a lot of new equipment. At least this time, however, unlike with some waves of new technology, users get a tangible benefit from the latest cool gear. ®

© Newsforge.com

Anne Zieger is chief editor for PeerToPeerSource.com. Her work has appeared in Information Week, Byte, CIO, InfoWorld, and many other IT publications.
