WLANs May Be Banned at Agencies | eWeek

WLANs May Be Banned at Agencies

Écrit par
Carmen Nobel
Carmen Nobel
Aug 26, 2002
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The proposed National Strategy to Secure Cyberspace plans to get tough on wireless technology, saying that if secure WLANs dont exist, federal agencies shouldnt use them.

The proposal aims to prevent the proliferation of unsecured wireless LANs that run on the 802.11b standard, also known as Wi-Fi, according to a draft of the strategy obtained by eWeek. The Bush administration wants a moratorium on Wi-Fi WLAN networks until security is improved and wants government IT users to avoid wireless products for sensitive applications.

Developed by the Presidents Critical Infrastructure Protection Board, the proposal, due Sept. 18, recommends that vendors change the default configurations on WLAN gear to increase security, something critics say would make the equipment difficult to use in both public and private networks.

While the language is strong, security experts who work with government agencies say they generally assume wireless products are inherently insecure.

“Built-in wireless security I consider utterly beside the point and put my trust in SSH [the Secure Shell remote connection protocol] in the hope that the folks who are dedicated to making something rock-solid secure do a better job with security than folks who are dedicated to making and selling radio transceivers,” said Steve Durst, a research engineer at Skaion Corp., a North Chelmsford, Mass., security consultancy whose customers include the Air Force and the Defense Advanced Research Projects Agency. “I tunnel everything through SSH.”

An IEEE task group is developing a standard called 802.11i to improve the security of WLANs, but that technology is not due until the fall of next year. Meanwhile, the vendor group Wireless Ethernet Compatibility Alliance plans to support an improved encryption scheme called SSN (safe secure network). The draft mentions 802.11i and SSN as improvements, but its unclear whether either would meet the governments new criteria.

“WECA has been promoting that wireless LANs need to be secured,” said Dennis Eaton, chairman of WECA, in Mountain View, Calif. “Unfortunately, security and ease of use are the nemeses of each other. Achieving both is a very difficult proposition.”

The recommendation that WLAN equipment either come out of the box secure or be disabled until users make it secure leaves some users worried about future loss of Wi-Fis plug-and-play capabilities.

When configuring WEP (Wired Equivalent Privacy), “different vendors interfaces dont seem to match. One has to enter the passwords in very different ways,” said Christopher Bell, chief technology officer of People2People Group, in Boston. Bell said it took him almost 2 hours to set up a secure access point, a notebook computer and a Pocket PC device enabled with 802.11b. “I cant imagine many people would bother to do what I did to get it all to work when simply turning off WEP made it plug and go.”

In addition to WLANs, the cyber-security strategy addresses the Bluetooth wireless protocol, which is used primarily as a cable replacement between devices. The drafts authors recommend that Bluetooth developers build a better broadcast keying scheme, a feature to prevent unlimited authentication requests and a more sophisticated encryption procedure.

Related stories:

  • Bushs Cyber-Security Plan Targets E-Mail
  • Startup Takes on WLAN Security
  • New Options Help Sort Out 802.11
  • Protecting the WLAN
  • Wireless LAN Security Crackdown
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.