WLAN Security Gets Serious

A new standard that promises to fix existing problems now has some products that support it.

After years of hand-wringing over the lack of effective wireless LAN (WLAN) security, players in the WLAN arena have finally agreed on a security specification that addresses most of the vulnerabilities. At the N+I trade show in late April, the Wi-Fi Alliance announced reference designs from chip set vendors Atheros, Broadcom, and Intersil for the new Wi-Fi Protected Access (WPA) standard, and products certified for the standard from vendors including Cisco Systems, Intel, and Symbol Technologies.

WPA is a combination of an existing standard for authenticating users or client hardware, called 802.1x, an encryption scheme called the Temporal Key Integrity Protocol (TKIP), and a message integrity-check mechanism called Michael. TKIP, which uses different encryption keys for each session and different 128-bit keys for every single packet transmitted, is a vast improvement over its predecessor WEP (Wired Equivalent Privacy). WEP used static keys and could be cracked in minutes by anyone using free utilities available on the Web.

"Were very positive about WPA," says Abner Germanow, Wireless LAN Research Manager for research firm IDC. "It delivers the tight security that WEP should have had in the first place."

WLANs still have obstacles to overcome though. A recent Jupiter Research study showed that 31 percent of executives cite inadequate network security as the top barrier to deployment of wireless networks. "You still have most businesses playing with technology pilots to determine WLANs true business value," says Germanow. "When they decide to leap, probably sometime late this year or early next, they will find that most security problems have finally been addressed." The trick is that users still have to enable security features, however—and unfortunately, most havent bothered to do so in the past.