Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Protecting the WLAN

    By
    Carmen Nobel
    -
    May 13, 2002
    Share
    Facebook
    Twitter
    Linkedin

      LAS VEGAS–A WLAN standards debate is pitting security against performance and leaving users operating wireless systems having to choose between one or the other. So far, most are opting for performance at their own risk.

      The standards delay is also pushing wireless system developers, such as Atheros Communications Inc., Symbol Technologies Inc. and Cisco Systems Inc., to create a confusing mix of interim security solutions.

      The IEEE has been working for months on 802.11i, a new protocol designed to fix security holes in WEP (Wired Equivalent Privacy)—the only security included in current wireless LAN standards. But disputes over authentication protocols have ensured that the debate, already months old, will drag on until at least September, according to IEEE officials in Piscataway, N.J.

      “This is the biggest issue in the industry, and we cant get past the petty infighting to figure this out?” said Rich Redelfs, president and CEO of Atheros, in Sunnyvale, Calif., the only company shipping 802.11a chip sets. “Give me a break.”

      Meanwhile, users continue to favor features over security. “We have to make security more transparent and more efficient so it doesnt increase the cost of the equipment,” said William Arbaugh, assistant professor of computer security at the University of Maryland, in College Park, and a WLAN security expert. “There should be one simple step, and WEP is enabled. Its highly unusual for it to be done right.”

      Arbaugh was one of about a dozen security experts, academics and government officials who gathered last week in Washington for a closed-door roundtable discussion of WLAN security issues. The forum, sponsored by Accenture Ltd., included discussions of standards as well as the reasons that vendors have been slow to embrace security.

      “Wireless can be secured, and we will get there. When, is the question,” Arbaugh said. “Its unfortunate that the IEEE is taking so long. But, persuading vendors is the key because theyre the ones who control the amount of security we get.”

      “Short-term economic decisions overrule security concerns at this point,” said John Clark, security technologies leader at Accenture, in New York. “The default is no security.”

      As a result of the IEEEs foot dragging, a handful of developers are building interim security solutions into their WLAN products. Atheros interim solution is to include the AES (Advanced Encryption Standard) in its next generation of chip sets.

      Supporting various combinations of 802.11a, 802.11g and 802.11b, the chip sets are due in end-user products beginning this summer. Atheros officials said the company included AES in the firmware because it wont slow data transfer the way it would in software. However, this will eventually necessitate a chip upgrade.

      “We cant wait anymore,” said Ray Martino, vice president of network products for Symbol, in San Jose, Calif. For that reason, Symbol is including its own interpretation of the Temporal Key Integrity Protocol in its latest access points even though it will mean an upgrade later to ensure interoperability.

      Cisco plans to use in future products a scheme called PEAP (Protected Extensible Authentication Protocol), which combines Transport Layer Security and EAP. Authored by Cisco, Microsoft Corp. and RSA Security Inc., PEAP is due next quarter. Cisco wants to use it, but it may not be part of 802.11i.

      Since the myriad authentication protocols are what has slowed 802.11i, some WLAN vendors said the best meantime solution could be a separate VPN (virtual private network) box such as those from Bluesocket Inc. or ReefEdge Inc.

      Users see them as a safe but expensive temporary fix destined to be obsolete when 802.11i is ready.

      “When you have large numbers of wireless users coming in on [a VPN], it wont work well,” said Kevin Baradet, network systems director at the S.C. Johnson Graduate School at Cornell University, in Ithaca, N.Y., and an eWeek Corporate Partner. “But if you just deployed a wireless LAN and are not anticipating replacing it in the next two or three years, its probably worth it to get a VPN in the meantime.”

      Some vendors disagree. “You still need a lot of horsepower in the access point,” said Ron Seide, product line manager for wireless LANs at Cisco, in Akron, Ohio. “When you have a cheap access point with a [third-party security] box behind it, you still have a cheap access point.”

      Related stories

      • Tech Analysis: Wireless LAN Security Crackdown
      • WLAN Wares Make the (54M-bps) Connection
      • Symbol Crashes WLAN Security Party
      • Cisco to Release WLAN Products
      • 802.11a and 802.11g Evolve the WLAN Space
      • Review: VPN Tools Aid WLAN Security
      Carmen Nobel
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×