Years ago, at a computer show during the dot-com boom, I stopped by the booth of a now-defunct high-speed wireless network provider and inquired about the security of the vendor's wireless networks. Specifically, I questioned the inherent insecurity of the 802.11a standard, the prevalent wireless networking specification at the time.
The engineer who was staffing the booth assured me that the company's wireless access was indeed secure, yet he failed to explain how or why. It was more than apparent that he scoffed at the idea that I would even ask such a question — particularly with potential customers present — and he seemed to want nothing more than for me to walk away.
Of course, the booth was quite elaborate, complete with fancy A/V displays and everyone working the booth dressed in sharp suits. But their appearance belied their inability to understand the security of their own products.
However, while most of us recognise the fact that looks are deceiving, appearance still appears to be everything to a whole lot of people. So I'm happy that the well-dressed agents of the Federal Bureau of Investigation recently were able to conclusively demonstrate how insecure the majority of wireless networks really are. In addition, the agency announced that even 802.11b wireless access with WEP encryption — widely touted as the secure replacement for the 802.11a standard I was so concerned about years ago — is just as insecure.
I sincerely hope this satisfies those people who insist that a suit and tie are prerequisites for knowledge of security information. It took the FBI literally three minutes to demonstrate how to break WEP encryption and gain access to a secured network.
The FBI's findings should serve as a warning to organisations currently using wireless access, and it might prevent some companies from using wireless networks entirely. Regardless, companies need to be more aware of the critical role that security plays in wireless networks.
Whatever comes of the FBI demonstration, it's important that companies fully understand this concept: Unless you've deployed end-to-end data encryption, communication is never really secure, no matter how well-secured the wireless network. Despite advances in wireless technology, the security of a wireless network will never equal that of a wired network.
Talkback
802.11a is not an 'old standard', nor was it ebver touted as secure. 802.11a is simple the same as 802.11g but in a different frequencyt band - 5ghz rather than 2.4 ghz.
wireless network CAN be more secure - all wirless users can be forced to be 'untrusted' and have to authenticate.