Print
Discuss
Send to friend
RSS feeds
Many people argue that security is the biggest challenge for wireless LAN (WLAN) products. The Wired Equivalent Privacy (WEP) technology integrated by default into most wireless LAN (WLAN) products isn't up to the job and better encryption is needed.
But a lack of security doesn't seem to be stopping customers from investing in wireless networks. Sales are going through the roof at a time when the wider networking industry is in the doldrums. But although lip service is being paid to the need for better protection against snoopers, wireless vendors aren't exactly falling over themselves to tackle security problems.
At least not for customers that have already invested heavily in their products.
The new Wi-Fi Protected Access (WPA) security initiative from the Wi-Fi Alliance is a case in point. This industry consortium includes most of the leading wireless vendors. Apparently frustrated by the poor security of WLANs, they decided to do something about it. That something was to "borrow" some of the technologies that will, eventually, be part of the long-awaited IEEE 802.11i wireless security standard, and use them to create their own security solution.
Specifically, WPA uses the Temporal Key Integrity Protocol (TKIP), which beefs up security by using different encryption keys for each packet of data transmitted. This makes WPA a lot harder to crack, compared with the fixed keys used by WEP.
WPA also introduces an integrity check to prevent attackers modifying packets as they are communicated. There's support too for Radius authentication in WPA and facilities to stop authenticated users joining rogue networks that might then steal their credentials.
So far so good. Wide industry support was pledged for WPA when it was announced, not least from Microsoft, which recently released a free WPA patch for the wireless networking in Windows XP. However, hardware changes are also needed for WPA to work and it is here that the members of the Wi-Fi Alliance appear to be dragging their feet, despite the apparent enthusiasm for the new standard.
According to the development roadmap published by the Wi-Fi Alliance when WPA was announced, certification should have been well under way by now. Firmware updates to add WPA support should, therefore, be starting to appear for most wireless products. But there's precious little evidence of that happening.
Indeed anyone looking to update the wireless adapters and access points they already own for WPA is likely to be disappointed. Because all of the vendors I have talked to are concentrating on adding it first to new wireless products. Backwards compatibility is seemingly well down their list of priorities.
Now is it just me, or does that smack of using concerns over security as a selling tool? Just another manifestation of that age-old marketing ploy - spreading fear, uncertainty and doubt to sell products?
Don't get me wrong, wireless security needs to be taken seriously. But bearing in mind that most customers don't even bother to implement the WEP protection already provided, I really do start to wonder what all the fuss is about.
Have your say: reply to IT Week
del.icio.us
Digg this
reddit!
