How soon (if ever) will we enjoy 'secure' WLAN? And how secure is that?

    Requires Free Membership to View

Security, like beauty, is in the eye of the beholder. Whether a LAN can be considered a "secure WLAN" depends upon the organization using the LAN, the value of the data being transferred, and the consequences of unauthorized use. For example, today's WLANs are secure enough for hotspot operators - they use SSL captive portals to make sure users log in (and pay for) hotspot access, but most do not care about data encryption because the need for privacy is up to the hotspot visitor. On the other hand, hospitals must use WLANs in conjunction with higher-layer encryption (IPsec VPN, Secure Shell, SSL) in order to satisfy HIIPA mandates that require privacy of patient data. Some highly sensitive defense and military networks will not use standard 802.11 WLANs at all today.

Wi-Fi Protected Access (WPA) improvements to 802.11 security were announced last fall and are starting to emerge in products. As of 2/24/03, the Wi-Fi Alliance has not yet announced successful certification of WPA-compliant products, but you can expect this in the next couple of months. With WPA, the most significant vulnerabilities in the original 802.11 standard and WEP have been corrected. Does that mean WPA is perfect? Of course not. Security standards for any technology are always improving. WPA makes much better use of the encryption engine found in today's WLAN products, but experts readily admit it isn't the solution they would want if they were starting with a clean slate. For an even better combination of robust security and efficiency, look to products that implement IEEE 802.11i advanced security measures next year.

Even when 802.11i is completed, it will only address link-layer security - that is, controlling access to the WLAN itself and preventing eavesdropping and modification of frames over the air. True network security requires much more ? you'll still need firewalls to separate the WLAN from wired networks, authentication servers to verify wireless client identity, intrusion detection systems to spot potential attacks, etc. My point is that airlink security, whether based on WEP, WPA, or 802.11i, will never be enough for a "secure network."

This was first published in February 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: