New WLAN Security Has Its Price

Opinion: Robust 802.11i security is finally here. IT managers must now decide if it's worth it.

Last week the IEEE gave its official stamp of approval to 802.11i, the long-awaited security specification that replaces Wired Equivalent Privacy, the original—and basically insecure—802.11 security scheme. In its place, were getting the robust, elegant and globally applauded Advanced Encryption Standard.

That comes as good news in a month in which wireless security was haunted by news of a new cell phone virus. And it should bring a sigh of relief from the wireless industry that has been waiting to exhale for some time.

Colin Macnab, vice president of marketing and business development for wireless chip maker Atheros Communications, told me 802.11i "brings a level of encryption that is acceptable for the enterprise. Now the market can meet the expectations Ive seen reported for it for the last four to five years."

Actually, it could have before now. Atheros and Broadcom, its counterpart in the wireless chip-set business, have been putting AES in silicon for well over a year now. Broadcom shipped an 802.11g chipset with AES in hardware in fall, 2002 and McNab said "we put the hardware in our chips in our February 03 release."

According to McNab, "theres little to change but the marketing. Nobody could call it 802.11i until it became official." Up until now the chip sets could only claim to be "compliant with the draft standard."

Compliance with a draft standard was evidently not enough to assuage the doubts of enterprise network managers. From nearly the moment that the 802.11b specification was released in 1999, WEP had been generating the kind of headlines no one wanted to see. There were the reports of "war driving" hackers who, with laptops equipped with antennas crafted from Pringles cans and tools they downloaded from the Internet, managed to penetrate corporate networks.

/zimages/4/28571.gifClick here to read Carol Ellisons take on war driving.

And there were those scathing comments from Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board, who in 2002 declared, "We should all shut [wireless LANs] off until the technology gets better." That, despite the fact that 802.11b delivered no less than what the feds demanded of it when it was adopted in 1999. The specification met the federal security mandate of that time.

The imprimatur the IEEE gave the new standard last week and the certification program that the Wi-Fi Alliance is now putting behind it to assure corporate buyers of the devices interoperability should open doors that previously remained closed.

Next Page: Delivering on the wireless security promise.