
New WPA wireless security on its way

Not a moment too soon


The Register's Wireless LAN Channel

Virtually no one has a kind word to say about Wired Equivalent Privacy (WEP), the standard for securing data transmissions on Wi-Fi networks, writes Anne Zieger. WEP, which relies on cryptography that can be cracked with a half-hour of laptop time, isn't well-defended, but until recently it's all Wi-Fi fans had.

Things are due to change soon as Wi-Fi Protected Access (WPA), the next-gen Wi-Fi security standard, becomes the accepted security approach for Wi-Fi networks. WPA is giving vendors a strong incentive to roll out new Wi-Fi product lines, abandoning the previous generation of wireless networking approaches.

WPA is backed by the Wi-Fi Alliance, a vendor consortium whose membership includes Cisco, Dell, Intel, Intersil, Microsoft, Nokia, Philips, Sony, Symbol Technologies, and Texas Instruments. Offering codebreaker-hostile features like Temporal Key Integrity Protocol (TKIP), the stronger WPA makes Wi-Fi-based LANs look a lot less exposed.

Products supporting WPA, a subset of the pending 802.11i standard, have already begun appearing on the market. Dozens of vendors have already received Wi-Fi Alliance certification for WPA-based Wi-Fi access points, internal and external PC cards, wireless print servers, USB and Ethernet client adapters, and application-specific devices. The full 802.11i version, known as WPA2, should be released sometime next year, and will be compatible with the current wave of WPA technology.

Industry players say the WPA release isn't a moment too soon. WEP security, many say, is not much better than nothing at all. For one thing, WEP keys can be hacked using a number of readily available tools, including WEPCrack and AirSnort. Using TKIP, on the other hand, up to 500 trillion possible keys can be used with a given data packet, making brute-force cracking virtually impossible.

If companies want to try Wi-Fi on the cheap before they make an investment in this next generation of Wi-Fi technology, they can find open source applications for at least some Wi-Fi infrastructure pieces. Options like the OpenAP open source access point developed by Instant 802 Networks give companies a chance to play with Wi-Fi infrastructure before they pick up the check. Another effort, the linux-wlan project, is creating a complete standards-based open source WLAN infrastructure running over Linux.

Once an end-user organisation goes WPA, however, it needs to go all the way, and WEP-based open source products may not be ready with WPA versions quickly enough. Though some wireless access points offer dual-mode security using both WPA and WEP, WPA isn't directly compatible with WEP. The Wi-Fi Alliance doesn't recommend juggling the two for any length of time, as this approach leaves a network just as open as WEP alone.

If companies are using 802.1X security, they're ahead of the game. WPA relies on 802.1X authentication, working in combination with one of the standard Extensible Authentication Protocol (EAP) types, and works with several EAP subtypes, including Cisco's LEAP (Lightweight Extensible Authentication Protocol). EAP handles the presentation of users' credentials across many formats, including digital certificates, unique usernames and passwords, smart cards, and secure IDs.

Enterprises transitioning from older WLAN infrastructure to Wi-Fi, however, face a separate and potentially more difficult problem. The emergence of WPA - and the legitimacy it adds to Wi-Fi - has turned vendors off to older, proprietary WLAN technologies. In coming months, much of the gear from leading WLAN vendors will work exclusively via Wi-Fi, rather than proprietary 900MHz or 2.4GHz implementations. Enterprises hoping to upgrade their old proprietary equipment with newer proprietary equipment, in other words, will soon be out of luck.

Looked at one way, WPA has given vendors a good excuse to roll out new Wi-Fi product lines which may - surprise! - require at least some customers to buy a lot of new equipment. At least this time, however, unlike with some waves of new technology, users get a tangible benefit from the latest cool gear. ®

© Newsforge.com

Anne Zieger is chief editor for PeerToPeerSource.com. Her work has appeared in Information Week, Byte, CIO, InfoWorld, and many other IT publications.
