Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Protecting the WLAN



 By: Carmen Nobel
2002-05-13
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A WLAN standards delay is pushing wireless system developers such as Symbol and Cisco to create a confusing mix of interim security solutions.

LAS VEGAS--A WLAN standards debate is pitting security against performance and leaving users operating wireless systems having to choose between one or the other. So far, most are opting for performance at their own risk.

The standards delay is also pushing wireless system developers, such as Atheros Communications Inc., Symbol Technologies Inc. and Cisco Systems Inc., to create a confusing mix of interim security solutions.

The IEEE has been working for months on 802.11i, a new protocol designed to fix security holes in WEP (Wired Equivalent Privacy)—the only security included in current wireless LAN standards. But disputes over authentication protocols have ensured that the debate, already months old, will drag on until at least September, according to IEEE officials in Piscataway, N.J.

"This is the biggest issue in the industry, and we cant get past the petty infighting to figure this out?" said Rich Redelfs, president and CEO of Atheros, in Sunnyvale, Calif., the only company shipping 802.11a chip sets. "Give me a break."

Meanwhile, users continue to favor features over security. "We have to make security more transparent and more efficient so it doesnt increase the cost of the equipment," said William Arbaugh, assistant professor of computer security at the University of Maryland, in College Park, and a WLAN security expert. "There should be one simple step, and WEP is enabled. Its highly unusual for it to be done right."

Arbaugh was one of about a dozen security experts, academics and government officials who gathered last week in Washington for a closed-door roundtable discussion of WLAN security issues. The forum, sponsored by Accenture Ltd., included discussions of standards as well as the reasons that vendors have been slow to embrace security.

"Wireless can be secured, and we will get there. When, is the question," Arbaugh said. "Its unfortunate that the IEEE is taking so long. But, persuading vendors is the key because theyre the ones who control the amount of security we get."

"Short-term economic decisions overrule security concerns at this point," said John Clark, security technologies leader at Accenture, in New York. "The default is no security."

As a result of the IEEEs foot dragging, a handful of developers are building interim security solutions into their WLAN products. Atheros interim solution is to include the AES (Advanced Encryption Standard) in its next generation of chip sets.

Supporting various combinations of 802.11a, 802.11g and 802.11b, the chip sets are due in end-user products beginning this summer. Atheros officials said the company included AES in the firmware because it wont slow data transfer the way it would in software. However, this will eventually necessitate a chip upgrade.

"We cant wait anymore," said Ray Martino, vice president of network products for Symbol, in San Jose, Calif. For that reason, Symbol is including its own interpretation of the Temporal Key Integrity Protocol in its latest access points even though it will mean an upgrade later to ensure interoperability.

Cisco plans to use in future products a scheme called PEAP (Protected Extensible Authentication Protocol), which combines Transport Layer Security and EAP. Authored by Cisco, Microsoft Corp. and RSA Security Inc., PEAP is due next quarter. Cisco wants to use it, but it may not be part of 802.11i.

Since the myriad authentication protocols are what has slowed 802.11i, some WLAN vendors said the best meantime solution could be a separate VPN (virtual private network) box such as those from Bluesocket Inc. or ReefEdge Inc.

Users see them as a safe but expensive temporary fix destined to be obsolete when 802.11i is ready.

"When you have large numbers of wireless users coming in on [a VPN], it wont work well," said Kevin Baradet, network systems director at the S.C. Johnson Graduate School at Cornell University, in Ithaca, N.Y., and an eWeek Corporate Partner. "But if you just deployed a wireless LAN and are not anticipating replacing it in the next two or three years, its probably worth it to get a VPN in the meantime."

Some vendors disagree. "You still need a lot of horsepower in the access point," said Ron Seide, product line manager for wireless LANs at Cisco, in Akron, Ohio. "When you have a cheap access point with a [third-party security] box behind it, you still have a cheap access point."

Related stories

  • Tech Analysis: Wireless LAN Security Crackdown
  • WLAN Wares Make the (54M-bps) Connection
  • Symbol Crashes WLAN Security Party
  • Cisco to Release WLAN Products
  • 802.11a and 802.11g Evolve the WLAN Space
  • Review: VPN Tools Aid WLAN Security



      Reader Comments: Protecting the WLAN
    >>> Be the FIRST to comment on this article!
     

     
     
    >>> More Network Security & Hardware Articles          >>> More By Carmen Nobel
     


    • xr㶲0;; ʷ♵MR-b[^f&uT I)|IzgyoP/gq2D th4$sW7-gL.\sfS;uA@ Y>%>{ '(+o1mnf]( _hoL|Aშ :#:D.Pk< Z5754o/ne0S-ڎIQ>)VNմH>ڴQ$)q@P.w@~Th \2ITߦuB)~{Te膡;? CKt/"(?F#&c?9; fw^B(ƻFՉziZgdh-vu=yͨ /B1r!f-{4ɿTݱ[ L=iLVG;%0ýtf?Dk> NZ#ZSˆ辥{$)5< \g4QL1H6}~8IZ Q 68VRW`?ĶhG:eh?Auoez^ucߝ9Iz]],s&"U+wS&>dRr-2QȲnMw3a[mѡlطZkuE9,},^/[,\hӟoF_{JU4Eٿ]vή $(֝[pm+iu]+i0n{'y@α{A~$?Fj}&UJDZ-i& 0h!5&tt:~Xst\㍒~7ny#ܲ_/ivdf1{Pd!XI#/YTUGf9괏'򳹥}o__]wzmo]wڧ>ߘecfy3?TrJw3B~ ,W7'77˓MvIsCV|BCj`BәcYuuUo~=Wco!&w@"rVJze_R ?#3p=jIo]}::$7cY>韐/ !}_w nr@ i/],,Y`MImdʩ$zNԜYu*į`K7BSI3Q8nZK}0[RF&\ ДQC|dMab&DJH?Ӕ>-`i˫ TE嗋mESu= (J!bN3E !\J!=! g|8Jn΋|? [Z&Ǩfmќ-Ӆ]WcL^cL .Cuv}BzW^?]{6LqJjh.B2iKB0qkꛛZk_@r /*r[h 2ud8԰1nґ>âx? tSOC|>56㤞F!|Бdmxq=Z.3+ԍEXn`Ntha^i1[ <ۋJ!pIxZSx&ztmP`~5$ǎ@ Ls'08 ɝ5E0%ݻCi`y1&=զA{ Tgg ,zC k 6G~[>l03QP sZ.( 7c2)%%E2G 4.gH)AH =[h ]99z |?#!bRN[ '9Rt{B#RyMfJ9cb -d[b}IlΌ eV&vϏa,[Lbo7], Slo3-Mus֪%6ʋzhNC&ǽ3yjm S#U^?_)hXL9|p p]?n;N %=&^9=Y ->֘MGsD& f+LoLhQĸGF6}Sˀ)4+pPw >`|=-0Xհݙ2r|>I45+8dp7 Pܼ? b>ȝ 8#_gM,Yh(b'pCf4AdN/a:*)6&v;p=F5n&VUKO+@dz#kzESڡWr9vn g%A qsGIݔ6 [IFlx |MKߵ("==r3C6Olcp6xBJmHכAB cOЭ,hZW%S=#kQAa ŵaa{61rt^XԳtg~a?_XTNۋkʮtْүhOvpu*>1f&6X#˦z`ُ׽IAʫUf z6V&L~5<2eX]2X>rGmAutn\?(yS+rf! sMqN!ӈPS bY4(Nu=(UF5GQ/AY@hnEkJc\Cњy]֩;lRjz|tݱM% WKRM1})Xk±&,<"+ڂiȈ0A  ~HLbV4> \Rbr>+e$T6)5*iMym"P8+%t갢zԘ}Qː 0gted->흧 IV/굄zrhUUjV9Ύ^WYP2:Ś&H_ଯ?p,z~qj ,2,~QA}v݂/]r?2;|b*,p |"yl ėaE*ӕ~>V6ʼnG =q?@+:2 XZ 0(E{h0 qDNҀJ ^ƙl)W2ݝ'(U2~-h;_?Z=-`"gKjUv~ie(#f~~+ˣ φG1>Lk}P~WsXoY:چHi3 9f5N+};`[%J+fx+,s Jb+ʹV(EcDyxkC |%`y3'Gu"M."́,08h} 2"G=%^\7aOn[JEVK`uցDZ%y9HǞ1]]2Y1Gci}[Uה1Ze ɲ7)Ь6V#iA/]fRvQLlvLTSdTRZ|bZ.3zXz+)uzhE5&QrME 7uGM4:VH'!IQjQʠkIurb*kZQR<*잔n,: ĕ,6" l[ ezפ_+Gs;"Jgԋbr{q>'F{4lGj+jBgyr`3O?f#[iYyVum4ItH"5Hq+$˴%I?N0QtA*ƾD.CGTTWFooy!A"7S[Uts)xT-kZb[Ԫw>"i!`\?=bEOp?n ]^*~ t9#T`| @`'d1s<ɷonjC<: +A񷠐n)ɡXXD>QkfR{e"nxR* gF ccb~n.A+SP[/I6\S0:;bd}G]ItMv@Jۇ>^E1a W^^fCr|<)z{BviԹm48 Z&IEqĘ 3^6"B @ tOלY0z.B3ZOUc)zF A0W: ?vO1Ok7tEh[(+x,6dsJ;t1?x>6Bj?$Y^3_{"Ts8L,ӤN)fTDɖXSaoy0;F{8ꀒN9{NElOڢ-F]nցS9)Nxsyؠ#%tBM[CT䵴f[YUHO~'%6 XTzH0Hr倜b{~U߯Il{;u,#( 9#7:;NjG/sy"O+f8Q ,]:]@_zϜGoIM21B?1Pݘ~zNh5S \cQ Suvp7߁؉H.Er o5 ל8Jn,sL]O]WAkv,3x\J|[<,'Mw[!']ry}MZ_gQW{$ tD#(Zw{.zʜ(=}!GzE>sF.Z۽uڻ e'3 Cݿw_l>8ninmǡ8 0Nt,4P$EUՊZr,VU $]d O>fYt2&n_%3ٌ<4/ Z2fP:9G׍[sgcF0[v}U"Ϻ4v4 ]ekw}B%umJ+.{%nw^Zhr;Tʜ%%դy6/IQ)"{"F%{two%o14m*z>=3'Kmh^\U+{œJ)g2Kj%I4{N+1"y^7ٰB'rDyt]i/)N߭ēaac!d dݦ~83N**KS eњVI VˏW/f!E%GI({1Y6 D rP7_w@^Pj( {Tm5#EŴR0%q^Kvi Y/,srymVe^bg`q 3s^ nH60 RW?Ps/|; 1I˖N,b^EV065T:ݫ-E瑪\q; lK\x {8 u^'u"RUo 6@H77!'^(^ "r$߯*cs-Ra\xÁ*@u.Kݲ6x:(뚲j:),-yoy7A 4AAKvŅ殁WOAW!_p~ | o6G־ 0AP@3^?"EEP{.1V1S.mjۜB.T\1 *4+lx^hsm72;h{2b~u(gi;V>3-梚 k }ogs7x J $ ELk瀵di>'0%HM775 m"ƋHRo|#7BI-cI aN)΅[m1 B(wZwBuՌ%.̊1\p&Ҁ 3yUx&ue%N7oCVK;J.s*Z9);lRş ~z˟\s) BtSzK\ śLN%ZǃBe?+nzTS~Zf { BS+YʹmCl(I#ۀچձdK(NzH^uσdUoko#fEN;v}^)jhk'5};ĺ = z!(d ƗY'VdZIHgcS8OhƊ8eYXZƓ@7F9@R ,Í M$=D/]ޮb>`X; ;dP^"6G>՗-Il T *`.l{hO׮f>#.b1D b@/jr]S=L,T7-U1 ~GeҌ9gG񺱿i=oT⯠œݬjgϡ6 %<{6Sͨ,$tIz iы"^tE'yHd:fG)-3[  (oNpo7+oc-d?¸J~'`M=u'<~'1%&ТC>y| [DnpSo֜{?*'@ ֳKN&%13ʉmOuaxAOMq`6\XkQx{$8qCv3Jrzذȍr~bg?}PDq`v+Tz@YmӶvx 5v1h}P2D#%1W"e(=c$Gs8RG%5x  EqNj=="@Ÿ Rxc) KhWx}B,p+@FpxIzr0jsh*b4KB-'*}L1Q%`sZk^gYJ+Șz~b=! cźTAN9=S5Q_PRUBI ]kZk>Ao mo>)fFmz^C `59Zk]u3}_Y<57SYzZ<1xfU'j*la0uv_ 1IenLHueO-FI4Ϲ,'c0/';k0Tr^`}LlɰTXA,链5y/`|\I>HP)%$7QB ̷d0ǖC0%n4,qBrd }@^ Į@W&Dm#i ''th'&v* &V*tg|{3Kqa݋OR>hueaj+Yא5 U@8AnKex6 w|D`Dq>8E= :ỒWZ=5Fd>QhTJӑu o`|$wz:̥7b?= 2θ8ǃ""a=X 2>ndeH&4O]YUc `xI$!fE&?:};ozxX2dIokvP`#}M fFG{|I CRO⺢ 2K1SwCE;c)UO'䏃ِ OCcP.y- rH8GϷF}eOWJƈ\氟aHp=Sa-1ȘhD MQ ҖHxLɹcMN퓔pxXҚ0!<RAA>6"))Ĵ0ef`1a9=c3bw`/9"ف{q*=۹bbWoH$P`+wdcF>b|9p+=%vfW tQũ.tQ:..( oIYPk,(ϏB5RSJLmn$|s ^6CXLi8qXg- .E.[qw6'+נ!51K0 1YGw`C[5EY|obL,`A~ڽBj@̐0($Ѕ:x,@#!9ωK+3Ac 7VúޛXF #}AaP8Z  +z+uT'I]W@)9CȮ KTUV|.A@*fyݬf///iJdR ?h$@F쌆=xɾe{$$ ͈ɵ?ѝ#h]]!k"6}:_w%9jwooW[u{{sپ\ Sˇ2f&SRo4eš6u\ «1.ys9,tG_0}4eL$;5U6rWzuL&鏙Bup:/kj:ٙ%G]3G|MPЦoJc>4 5NMo )n}>eЌLjV}QuxS S+S~ ׫ˏ[.wsʑO'c(?^]~ 9͡GǜVu ͳI9)ureN9_z//Peu9?ρ]"g|./E|E}/>9/r ϋD3)?@?r/"2g|/A~.s2gnN9 _?r ޿yyW^=AV_s^99@9rߛorڿ\'I9ru S)Jy/*苼k Oy射<)߇}VU<_`kW9t _r ̭L_;WݓBX\jvr+^e4vkYAm{}ys/-#yio2 MAQFgG6+.ȭ-'Hl]=g%%x=0?Mu{.1پWߕ\)ܼ}:qOXE9s8WɴVی SƔP}b>ţu.TlP`24UF` Ԋz!J1 =4`֭tKo1;BDO"Oӱ7o;fCdWe"eƋ&æʗጽJ/Dʑ $` pL\ Psg~ =u] YI}A,XA0Ûh6VI2hؐ,sv[F8 c| M3,>cc>m=]wtl#k.vܙ%/H_q]K?>hPxUE0P$=CfJǣ,h :"Qfh km!t\зkdQ9Hz&ze 9/DbtΆb'OxU]szlo()y+J9*نW0UZVAxvx*Dⲁe":}`S so#gTÉt r!̃NN-Gw U|ٲs9ebV)qmeGfӧ[-[ @ O<CZ24 Eخ;Oq^'d9f7rv1$+nvGT g7>5'ك|2p}π!XsCQ%7` }[=Ⱦ?J B ϱ-1ng`SwDl .7(.O]$ xWa.*e;1KMP`O3M|B p#Q*Ү^g ͜5%SWRP'jdVw@8̛ m+,~HױI_[0~X+m˕bA<\n2?>%i#~@ =(ۊnfT|`GYe`Z+r k5-E6<]܈Xx?ƽnb@RYH3LN*s=cm;pSz2V Qm`%N \50(g|Ntu ۊ|Va=r+sb:igNb+cb@xϖέ{~k#'>g~wxur!}/ő׈,^4˘ /OىBWѰ0 L;,lqED%e2JACb _lu K#(t>0 'Ɣ ϰO"- sWmxDx\]"?P߯JVlw6++Ȁ7HY;D,5Ra:(/z0 '.Ż r?qmr?{]9,MclRc9afr[W`0Z.<',(`,Lv"VTHkMΡmlpR!%fƲ"7cP!X]-nB@:S .x C,$ˋ}P cyx ŧ$ASb0xDtƙW3.rW?aMdr^kh?Xi/.:_xH%L}Sw= aFk;O(Uƥ2x?XR|=^'`gh-/=jD*(K- Q{}΂`R)XIc"^ֳ 6A|>Ðy6xL -2VjwV㛾VtƦI:1qz륍.Q'b(56lS24Kßkj*JlTʩI7v6̈́ В]&ŮMvbesU)