The two biggest problems with WLAN security -- outside of the lack of education among users -- are:
- The security that comes loaded with access points and related gear is not turned on.
- The current security standard -- the Wired Equivalent Privacy (WEP) -- is thought by many to be insecure. There are, however, workarounds to the most obvious faults of WEP.
Setting a policy means making security priorities clear to employees. For instance, they must be told in no uncertain terms that it is not okay to stop by Radio Shack or Best Buy and pick up a wireless access point to plug into the Ethernet port at the office. Doing so creates rogue access points that are outside the realm of the enterprise's security infrastructure and can lead to lost data. The bookend to a clear security policy is enforcement. This means having the right tools on hand to test for the presence of rouge access points. "Another important step is strong policy control on the network side," says Sandeep Singhal, CTO of wireless security vendor ReefEdge. Different levels of access must be established for different people using the WLAN. For instance, the CTO should have more wireless access than an account executive. Singhal also recommends security validation testing. This ensures that configurations are set up correctly and are doing their jobs. "As with any network that faces the public, ongoing intrusion detection is important as well," Singhal says. Joel Snyder, a senior partner for Opus One, says that it's important to do something as simple as switching the WEP key periodically. "The least you can do is change it," he says. "That will help." Hope is on the horizon
A new approach to WLAN security is emerging. There are hopes that the wide-scale acceptance of WLANs and the resulting publicity around security issues is making people more aware of the issues and, therefore, less careless. The standard itself is changing as well. In the short term, a new standard -- WiFi Protected Access (WPA) -- will replace WEP. Over the long haul, the standard from which WPA is derived, called 802.11i, will also take over. Clearly, the industry is struggling to gets its ducks in a row even as wireless usage increases radically. For the time being, says Clark, "companies can be relatively safe by using WEP Weak Key Avoidance." This approach, as the name implies, bypasses the compromised elements of WEP. Also, "A key to implementing WLAN security is that it has a clear migration path," says Singhal. This can be in the form of potential software-based upgrades or the inclusion of a middleware level that handles the complexities of standards transitions independently of the security software itself. WPA has encryption and authentication layers. On the encryption layer, a concept called the temporal key integrity protocol (TKIP) is currently working its way through the IEEE's 802.11i standards committee. "TKIP will initially use RC4 encryption, but later it will implement the more secure advanced encryption standard (AES)," says Snyder. WPA authentication is being developed under a framework referred to as 802.1x. Under this framework, many possible authentication protocols or methods -- from legacy approaches to two-factor approaches to certificates -- will be available to vendors and end users.
For a weekly round-up of the enterprise IT news, sign up for the
Enterpise newsletter. Find out what's where in the new Tech Update with our
Guided Tour. Tell us what you think in the
Enterprise Mailroom.
Enterpise newsletter. Find out what's where in the new Tech Update with our
Guided Tour. Tell us what you think in the
Enterprise Mailroom.
