Truths and Fictions

By Carol Ellison  |  Posted 2004-06-01 Print this article Print

Then, too, there are times when wireless networks are left open by design. The number of public Wi-Fi hot spots is growing at a rapid pace. For better or for worse, hot-spot operators function on the assumption that users who need the security will open VPN tunnels to their corporate networks once they log on. Its not the best policy, but who can blame them? Public hot spots are cropping up everywhere, from fast-food hamburger stands to truck stops, and its just not practical for folks at the lunch counter to be handing out passwords to customers and reconfiguring their WLANs to accept them. Thats not to say that war-driving reports should be ignored. Even if their statistics exaggerate the case, theres a troubling truth behind them: The best security mechanisms cannot protect anyone who doesnt enable them.
The Wi-Fi Alliances adoption of WPA as a standard for certification last year closed the holes that WEP left open in WLAN security.
And by years end, the Institute of Electrical and Electronics Engineers is expected to ratify the 802.11i standard, which brings much stronger security to 802.11 devices. Last week at CeBIT, I caught up with Colin McNabb, CEO of wireless chipmaker Atheros Communications Inc., who bravely predicted that "11i is going to solidify security standards once and for all." The Advanced Encryption Standard (AES) called for in 802.11i has been approved as the Federal Information Processing Standard (FIPS)and has been adopted by the U.S. Department of Commerce and the National Institute of Standards and Technology (NIST). Atheros and other chipmakers have already begun building in AES support. But the vendors who build those chips into their devices typically ship them with security turned off in the default configuration to make them easy to install. Deploying that security is not always tough for users to do but, as Outmesguines friends experience shows, its also not always easy. Click here to read about Intel Corp.s decision to turn off the wireless features by default in its Grantsdale chipset. Also, studies have shown that the preshared key used in WPA will be vulnerable to dictionary attacks if users choose an easily remembered password that can be easily deciphered. (Hint: Instead of a password, use a passphrase that includes numbers and symbols.) It wont be until the industry finds an easy way to ensure that security is implemented in the default configurations of WLAN devices that the war-driving reports will go away. Until then, they serve as a reminder to all of us that we should take the job of wireless security seriously. Good fables usually do contain great truths. Check out eWEEK.coms Mobile & Wireless Center at for the latest news, reviews and analysis.

Be sure to add our mobile and wireless news feed to your RSS newsreader or My Yahoo page

Carol Ellison is editor of's Mobile & Wireless Topic Center. She has authored whitepapers on wireless computing (two on network security–,Securing Wi-Fi Wireless Networks with Today's Technologies, Wi-Fi Protected Access: Strong, Standards-based Interoperable Security for Today's Wi-Fi Networks, and Wi-Fi Public Access: Enabling the future with public wireless networks.

Ms. Ellison served in senior and executive editorial positions for Ziff Davis Media and CMP Media. As an executive editor at Ziff Davis Media, she launched the networking track of The IT Insider Series, a newsletter/conference/Web site offering targeted to chief information officers and corporate directors of information technology. As senior editor at CMP Media's VARBusiness, she launched the Web site, VARBusiness University, an online professional resource center for value-added resellers of information technology.

Ms. Ellison has chaired numerous industry panels and has been quoted as a networking and educational technology expert in The New York Times, Newsday, The Los Angeles Times and The Wall Street Journal, National Public Radio's All Things Considered, CNN Headline News, WNBC and CNN/FN, as well as local and regional Comcast and Cablevision reports. Her articles have appeared in most major hi-tech publications and numerous newspapers and magazines, including The Washington Post and The Christian Science Monitor.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel