New WPA wireless security on its way
Not a moment too soon
Virtually no one has a kind word to say about Wired Equivalent Privacy (WEP), the standard for securing data transmissions on Wi-Fi networks, writes Anne Zieger. WEP, which relies on cryptography that can be cracked with a half-hour of laptop time, isn't well-defended, but until recently it's all Wi-Fi fans had.
Things are due to change soon as Wi-Fi Protected Access (WPA), the next-gen Wi-Fi security standard, becomes the accepted security approach for Wi-Fi networks. WPA is giving vendors a strong incentive to roll out new Wi-Fi product lines, abandoning the previous generation of wireless networking approaches.
WPA is backed by the Wi-Fi Alliance, a vendor consortium whose membership includes Cisco, Dell, Intel, Intersil, Microsoft, Nokia, Philips, Sony, Symbol Technologies, and Texas Instruments. Offering codebreaker-hostile features like Temporal Key Integrity Protocol (TKIP), the stronger WPA makes Wi-Fi-based LANs look a lot less exposed.
Products supporting WPA, a subset of the pending 802.11i standard, have already begun appearing on the market. Dozens of vendors have already received Wi-Fi Alliance certification for WPA-based Wi-Fi access points, internal and external PC cards, wireless print servers, USB and Ethernet client adapters, and application-specific devices. The full 802.11i version, known as WPA2, should be released sometime next year, and will be compatible with the current wave of WPA technology.
Industry players say the WPA release isn't a moment too soon. WEP security, many say, is not much better than nothing at all. For one thing, WEP keys can be hacked using a number of readily available tools, including WEPCrack and AirSnort. Using TKIP, on the other hand, up to 500 trillion possible keys can be used with a given data packet, making brute-force cracking virtually impossible.
If companies want to try Wi-Fi on the cheap before they make an investment in this next generation of Wi-Fi technology, they can find open source applications for at least some Wi-Fi infrastructure pieces. Options like the OpenAP open source access point developed by Instant 802 Networks give companies a chance to play with Wi-Fi infrastructure before they pick up the check. Another effort, the linux-wlan project, is creating a complete standards-based open source WLAN infrastructure running over Linux.
Once an end-user organisation goes WPA, however, it needs to go all the way, and WEP-based open source products may not be ready with WPA versions quickly enough. Though some wireless access points offer dual-mode security using both WPA and WEP, WPA isn't directly compatible with WEP. The Wi-Fi Alliance doesn't recommend juggling the two for any length of time, as this approach leaves a network just as open as WEP alone.
If companies are using 802.1x security, they're ahead of the game. WPA relies on 802.1X authentication, working in combination with one of the standard Extensible Authentication Protocol (EAP) types, and works with several EAP subtypes, including Cisco's LEAP (Lightweight Extensible Authentication Protocol). EAP handles the presentation of users? credentials across many formats, including digital certificates, unique usernames and passwords, smart cards, and secure IDs.
Enterprises transitioning from older WLAN infrastructure to Wi-Fi, however, face a separate and potentially more difficult problem. The emergence of WPA - and the legitimacy it adds to Wi-Fi - has turned vendors off to older, proprietary WLAN technlogies. In coming months, much of the gear from leading WLAN vendors will work exclusively via Wi-Fi, rather than proprietary 900MHz or 2.4GHz implementations. Enterprises hoping to upgrade their old proprietary equipment with newer proprietary equipment, in other words, will soon be out of luck.
Looked at one way, WPA has given vendors a good excuse to roll out new Wi-Fi product lines which may - surprise! - require at least some customers to buy a lot of new equipment. At least this time, however, unlike with some waves of new technology, users get a tangible benefit from the latest cool gear. ®
Sponsored: 2016 Cyberthreat defense report