Making the Most of Wireless Security

By Steven Vaughan-Nichols  |  Posted 2004-07-27

Here's a guide to making the most of the wireless security tools that are available.

Wi-Fi is everywhere. Many laptops now come with 802.11g and 802.11b-compliant wireless hardware as standard equipment, but wireless security is almost an oxymoron.

That's going to change. Wai Sing Lee, an analyst with market research firm Frost & Sullivan, sees a huge jump coming for wireless security and, in turn, for the vendors, value-added resellers and integrators who can provide it.

You've seen the problem: Your customers set up a wireless AP (access point) for their office, but they leave it wide open, not even setting up WEP (Wired Equivalent Privacy) to provide minimal protection.

Worse still, your client does set up state-of-the-art security with the recently ratified 802.11i protocol and guess what? Mere weeks later, Aruba Wireless Networks Inc. announces that their researchers have found a RADIUS (Remote Authentication Dial-In User Service) server security hack that can be used to pry open any wireless security infrastructure that keeps encryption keys in access points instead of a central switch.

Even if it is true that the 802.11i crack really is more of an attack on its wired RADIUS server than on 802.11i itself, the bottom line is that it now appears some 802.11i Wi-Fi connections are attackable.

Think you're safe because you're using Cisco's proprietary Lightweight Extensible Authentication Protocol, aka LEAP? Think again.

In his paper "LEAP: A Looming Disaster in Enterprise Wireless LANs," George Ou, a network and information systems architect, points out that LEAP hasn't been real-world secure for more than a year now, and a cracker program named asleap eats most LEAP passwords for lunch.

Is a truly secure wireless network possible today? You're not going to like the answer, but for many customers, the answer is no.

First, chances are your customers' Wi-Fi equipment can't handle 802.11i in the first place, even if you are using a centralized switch set up for it. 802.11i requires the use of AES (Advanced Encryption Standard), and AES is not backwards compatible with legacy WEP-compliant equipment.

Of course, it would be great—not to mention more secure—if you could get your customers to upgrade their wireless infrastructure, but as many companies have Wi-Fi equipment that is only a year or two old, that will be a tough, tough sale.

Instead, what you can do is increase the practical, if not the absolute, security of your customers' sites by simply making sure that they reliably use the security tools that they already have in place.

Click here to read the full story on Ziff Davis Channel Zone.

Steven J. Vaughan-Nichols is editor at large for Ziff Davis Enterprise. Prior to becoming a technology journalist, Vaughan-Nichols worked at NASA and the Department of Defense on numerous major technological projects. Since then, he's focused on covering the technology and business issues that make a real difference to the people in the industry.
