Broadcom simplifies Wi-Fi security set-up

Full WPA cover in two steps

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Wi-Fi chip maker Broadcom today unveiled software that it says will make setting up secure WLANs significantly easier.

The software, dubbed SecureEZsetup, provides a simple two-step set-up wizard that configures both the access point and the PC client using the Wi-Fi Protected Access (WPA) TKIP security system.

Users setting up a WLAN for the first time are asked to provide the answers to two "easy-to-remember" questions. These answers are used to create the appropriate authentication and data encryption keys, plus the access point's unique SSID, details of which are provided to the user.

If more PC clients are added to the WLAN at a later date, the software asks for that information before configuring the client-side settings.

In order to ensure that the correct access point is configured, the wizard will only talk to access points that have been operational for less than an hour.

"We assume the user has taken the equipment straight out of the box and plugged it in," Gordon Lindsay, Broadcom European product line manager, told The Register.

He acknowledged that there was an inherent security flaw in the system - the initial wireless link between the client and the access point is by necessity unprotected - but he said Broadcom had minimised the risk of interception. "After each communication between client and access point, the two are disassociated," he said. In short, the two talk to each other literally as briefly as possible until they can re-associate permanently over a secure connection.

The system requires both access point and client adaptor contain one of Broadcom's 54g-branded 802.11g chipsets. Lindsay expects devices to ship with the software from mid-May onwards. Older kit will require a firmware update, which Broadcom has made available to its customers.

Broadcom supplies 802.11g chipsets to Linksys, Buffalo, Belkin, Motorola, Apple, Acer, Dell, HP, Gateway and others, and through its product partners claims a 77 per cent share of the US 802.11g retail market.

Since January, the Wi-Fi Alliance, the standard's interoperability and marketing body, has insisted that all WPA-certified devices ship with full security settings in place. In the past, vendors turned security off by default because of the difficulty many users had in setting up secure networks. This, in turn, helped Wi-Fi develop a reputation for being easy to penetrate. WPA certainly improves WLAN security over the older, weaker Wired Equivalent Privacy (WEP) spec, but even WPA is useless if it's not enabled. ®

Related stories

Wi-Fi Alliance preps WPA 2 security spec
Snag in next-gen Wi-Fi security unearthed
Cisco thwarts WLAN dictionary attack
Cisco Wi-Fi kit in minor security flap
Chip start-up boosts Wi-Fi rate by '10-20 times'
Atheros updates Wi-Fi speed booster tech

Secure remote control for conventional and virtual desktops

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Will BlackBerry make a comeback with its SQUARE smartphones?
Plus PC PIMs from company formerly known as RIM
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
EE buys 58 Phones 4u stores for £2.5m after picking over carcass
Operator says it will safeguard 359 jobs, plans lick of paint
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.