Wi-Fi Security Spec Ratified

The 802.11i standard has been formally approved, paving the way for improved security within wireless networks.

As expected, the 802.11i standard was finalized Thursday, paving the way for improved security within wireless networks.

Proponents of the standard said that the 802.11i specification could have an immediate impact on VPN infrastructure, which could be relegated to a lesser role inside a corporate network.

The standard was ratified on Thursday at an IEEE standards committee meeting in Piscataway, N.J. The 802.11i standard adds a needed layer of security to Wi-Fi, which has become widespread both in the consumer and corporate spaces. Early attempts at security, such as WEP (Wired Equivalent Privacy), provided some basic security but were derided as too easy to crack.

"Intel is ecstatic," said Robin Ritch, director of security industry marketing for Intel Corp. in Santa Clara, Calif., who said all of the companys Centrino chip sets, including the older models, are compliant with the specification.

As expected, vendors are already rolling out firmware enabling 802.11-compliant security protocols, although the software wont officially be pushed to customers until September, when the Wi-Fi Alliance is expected to begin interoperability testing to make sure devices can talk to one another, Ritch said. Devices compliant with the 802.11i spec will likely be certified as compliant with WPA2, the second generation of Wi-Fi Protected Access, she said.

/zimages/2/28571.gifClick here to read about how Symbol and other companies are moving forward on WLAN security solutions.

802.11is encryption protocols are based on the AES (Advanced Encryption Standard) and meet the limited encryption requirements for the Federal Information Processing Standard 140-2 specification for the protection of sensitive information.

The new standard will add Layer 2 security to a Wi-Fi card, sufficient for wireless access inside a corporate network, Ritch said. In the early days of Wi-Fi, Intel recommended users connect to a VPN while roaming wirelessly, even when inside their corporate network.

The security provided by 802.11i is sufficient enough that IT managers can eliminate VPNs except when workers are connecting remotely, such as at a hotel, Ritch said. Intels own IT staff plans to relax its security restrictions, she said, eliminating the use of internal VPNs while employees are inside their own network.

Chris Bolinger, manager of the Field and Partner Marketing team in the Wireless Networking Business Unit of Cisco Systems, Inc., Santa Clara, Calif., said it is natural that some customers will want to migrate away from VPNs to standards-based solutions such as 802.11i. However, many customers will also stay with WPA unless theyre given a compelling reason to move to AES, he said.

"Weve always tried to provide solutions to meet customer demand in the wireless LAN space," Bolinger said.

The performance penalty users will pay for turning on the additional 802.11i functionality is unknown. In tests of Intels Grantsdale/Intel 915 chip set, for example, turning on high-definition audio features integrated into the chip set required a significant amount of CPU power, according to a recent ExtremeTech review. Intel spokesman Mark Miller said Intel had not tested the effects of the new 802.11i firmware on battery life to his knowledge, but he estimated that the effects would be "negligible" on the battery life of a Centrino-based notebook.

/zimages/2/28571.gifCheck out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.


Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page

Editors Note:: This story has been updated at 3:10 PM PDT on June 24 to add comments from Ciscos Bolinger.