Securing LAN And Air
Well-publicized security breaches in the wireless local area networking standard have plagued the market, but leading vendors insist the problems are surmountable.
Concern about wireless LAN security swelled when researchers at the University of California at Berkeley published a report detailing weaknesses of the wired equivalent privacy (WEP) algorithm built into the wireless LAN standard. That report was quickly followed by another report, published by researchers at the University of Maryland.
Just as the response died down, another report emerged, written by a well-known security expert and revealing a far simpler way to break into a wireless LAN network by discovering the encryption key.
However, product vendors contend that the weaknesses of WEP have long been known, and that they have what they need to patch holes and build secure networks. "It was always believed that WEP was for base-level protection only," said David Cohen, solutions line business manager of 3Coms wireless connectivity division, and founder and chairman of the Wireless Ethernet Compatibility Alliance. Cohen and others said WEP was never designed to be a complete security solution.
Security issues shouldnt prevent an enterprise from deploying a wireless LAN, he said. "I think it would be a mistake to give up the incredible benefits that wireless LANs offer over undue concerns about security," Cohen said.
However, enterprises are now acutely aware of security. "Enterprises have to be able to trust their networks. We need to ensure that trust exists so that enterprises will feel comfortable," said Dean Douglas, general manager of wireless e-business services at IBM Global Services.
Vendors have responded aggressively to the concern. Even before a spotlight shone on WEP weaknesses, 3Com was developing more stringent security for its products. Its most recent solution includes the dynamic security link feature, which assigns a unique key to each user on a per-session basis. Without such a solution, all users on a corporate campus, for example, use the same key. As a result, a hacker need only discover that key to access the entire system.
IBM has an audit service that can help corporations assess their wireless LANs. The company offers both authentication and encryption solutions. In addition, IBM now has integrated a chip into some laptops that supports key encryption and digital signatures for authentication.
Cisco Systems developed a unique mutual authentication technology when it acquired Aironet, the Cisco division that offers wireless LAN gear. The technology not only authenticates the user, but authenticates the network. This is particularly valuable where wireless LANs overlap.
It also prevents some foul play. "Enterprises wont deploy wireless unless they are assured that rogue access points cant come into the network," said Kittur Nagesh, product line manager of Ciscos Aironet wireless LAN solution.