Wireless Security: The Main Point
There, all clear now? Me neither. The real point of Bellovin's blog, which is clearly underscored by the definitions above, is that wireless products throw a vat of alphabet soup at users and it's no surprise if they make bad decisions in configuration. It's so easy to find a completely wide-open wireless network; is this because people just don't care or because securing them is too hard? Some of both, I suppose.There's no easy way out of this problem. Unfortunately, vendors have a strong incentive to retain support for old standards, as they are widely implemented, and this means that configuration screens will be loaded up with lots of the alphabet soup above. Education is not usually a great solution for a security problem, but that's all we're left with in wireless security configuration. Wish us luck. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack.
The terms WPA Personal and WPA Enterprise are attempts to move beyond this problem, at least at the point of purchase. Home users would just look for WPA Personal-compliant products, and enterprises would look for WPA Enterprise, and be assured of a fairly high level of interoperability. But it's no guarantee of plug-and-play secure networks.