New WPA wireless security on its way

Not a moment too soon

The Register's Wireless LAN Channel

Virtually no one has a kind word to say about Wired Equivalent Privacy (WEP), the standard for securing data transmissions on Wi-Fi networks, writes Anne Zieger. WEP, which relies on cryptography that can be cracked with a half-hour of laptop time, isn't well-defended, but until recently it's all Wi-Fi fans had.

Things are due to change soon as Wi-Fi Protected Access (WPA), the next-gen Wi-Fi security standard, becomes the accepted security approach for Wi-Fi networks. WPA is giving vendors a strong incentive to roll out new Wi-Fi product lines, abandoning the previous generation of wireless networking approaches.

WPA is backed by the Wi-Fi Alliance, a vendor consortium whose membership includes Cisco, Dell, Intel, Intersil, Microsoft, Nokia, Philips, Sony, Symbol Technologies, and Texas Instruments. Offering codebreaker-hostile features like Temporal Key Integrity Protocol (TKIP), the stronger WPA makes Wi-Fi-based LANs look a lot less exposed.

Products supporting WPA, a subset of the pending 802.11i standard, have already begun appearing on the market. Dozens of vendors have already received Wi-Fi Alliance certification for WPA-based Wi-Fi access points, internal and external PC cards, wireless print servers, USB and Ethernet client adapters, and application-specific devices. The full 802.11i version, known as WPA2, should be released sometime next year, and will be compatible with the current wave of WPA technology.

Industry players say the WPA release isn't a moment too soon. WEP security, many say, is not much better than nothing at all. For one thing, WEP keys can be hacked using a number of readily available tools, including WEPCrack and AirSnort. Using TKIP, on the other hand, up to 500 trillion possible keys can be used with a given data packet, making brute-force cracking virtually impossible.

If companies want to try Wi-Fi on the cheap before they make an investment in this next generation of Wi-Fi technology, they can find open source applications for at least some Wi-Fi infrastructure pieces. Options like the OpenAP open source access point developed by Instant 802 Networks give companies a chance to play with Wi-Fi infrastructure before they pick up the check. Another effort, the linux-wlan project, is creating a complete standards-based open source WLAN infrastructure running over Linux.

Once an end-user organisation goes WPA, however, it needs to go all the way, and WEP-based open source products may not be ready with WPA versions quickly enough. Though some wireless access points offer dual-mode security using both WPA and WEP, WPA isn't directly compatible with WEP. The Wi-Fi Alliance doesn't recommend juggling the two for any length of time, as this approach leaves a network just as open as WEP alone.

If companies are using 802.1X security, they're ahead of the game. WPA relies on 802.1X authentication, working in combination with one of the standard Extensible Authentication Protocol (EAP) types, and works with several EAP subtypes, including Cisco's LEAP (Lightweight Extensible Authentication Protocol). EAP handles the presentation of users' credentials across many formats, including digital certificates, unique usernames and passwords, smart cards, and secure IDs.

Enterprises transitioning from older WLAN infrastructure to Wi-Fi, however, face a separate and potentially more difficult problem. The emergence of WPA - and the legitimacy it adds to Wi-Fi - has turned vendors off to older, proprietary WLAN technologies. In coming months, much of the gear from leading WLAN vendors will work exclusively via Wi-Fi, rather than proprietary 900MHz or 2.4GHz implementations. Enterprises hoping to upgrade their old proprietary equipment with newer proprietary equipment, in other words, will soon be out of luck.

Looked at one way, WPA has given vendors a good excuse to roll out new Wi-Fi product lines which may - surprise! - require at least some customers to buy a lot of new equipment. At least this time, however, unlike with some waves of new technology, users get a tangible benefit from the latest cool gear. ®

© Newsforge.com

Anne Zieger is chief editor for PeerToPeerSource.com. Her work has appeared in Information Week, Byte, CIO, InfoWorld, and many other IT publications.
