RSA Security Inc. on Monday announced that its SecurID two-factor authentication solution now includes functionality capable of helping to protect wireless LANs. The solution now supports PEAP (Protected Extensible Authentication Protocol), a security add-on to the 802.1x WLAN standard.
PEAP is designed to solve many of the security issues associated with WLANs, most of which have to do with user authentication and access point authentication. Most WLAN implementations employ simple username and password authentication—often with static passwords—for network access. And because WLAN transmissions are quite easy to intercept and are often sent in unencrypted form, crackers find it trivial to steal authentication information and gain access to networks.
RSAs SecurID system relies on a secret PIN and a token, which can be either hardware- or software-based. The user must have both the token and the PIN in order to access the WLAN.
RSA, of Bedford, Mass., has already tested the SecurID solution with two vendors: Proxim Inc., which sells access points, and Funk Software Inc., which sells WLAN security products.
Many enterprise IT managers have deployed VPNs to help secure their WLAN implementations, and RSA is counting on those companies to create some demand for this new functionality. The SecurID solution can be used to authenticate both the end user and the access point, helping to prevent unauthorized users from hijacking an authenticated VPN session.