With 802.11i, new standard means new problems

By Jim Rendon, News Writer 12 Jul 2004 | SearchNetworking.com

Digg This!     StumbleUpon     Del.icio.us

A new, more robust wireless LAN security protocol is sparking new optimism about the safety of wireless network data, but interoperability issues involving a slew of required authentication techniques could plague the industry for some time.

The recently ratified 802.11i standard includes Advanced Encryption Standard (AES), a new encryption protocol that is more complex than the currently used Wi-Fi Protected Access (WPA), requiring user authentication as defined by the 802.1x standard. The beefed up wireless security should help enterprises feel more comfortable deploying Wi-Fi, said Ken Dulaney, a vice president and distinguished analyst with the Stamford, Conn.-based research firm, Gartner Inc.

By September, the Wi-Fi Alliance, which certifies the interoperability of wireless LAN products, will begin certifying products that incorporate 802.11i, said Frank Hanzlik, managing director of the alliance. The new certification will be called WPA2.

The alliance will be testing for interoperability with AES encryption, but not -- at least initially -- for interoperability among all of the many authentication approaches, including many offered by various vendors.

That can be problematic for businesses hoping to deploy multi-vendor systems, as well as for the credibility of the Wi-Fi Alliance, said Dulaney. If the alliance does not ensure interoperability among all of the various authentication approaches, "the mission of the Wi-Fi Alliance will be compromised," Dulaney said.

But such extensive testing is no simple task. Right now there are many competing approaches to authentication, many of which are tied to products from well-known vendors. For example, Cisco Systems Inc. and Microsoft each have version a of protected extensible authentication protocol (PEAP) that are not entirely compatible. Cambridge, Mass.-based Funk Software Inc. uses multiple EAP-based approaches for its RADIUS server, as does Meetinghouse Data Communications, Portsmouth, N.H.

Hanzlik said that the Wi-Fi Alliance will not test for compatibility across all of the possible combination authentication mechanisms. With all the possible combinations, he said it is simply too expensive.

"Any additional testing [plans] in those areas are bounded by a tight economic model that makes sense," Hanzlik said. "There is a lot of activity taking place in the industry, and we are looking at ways to continue testing."

Bindu Gill, director of technical marketing for Holtsville, N.Y.-based Symbol Technologies Inc.'s wireless infrastructure division, said his company does not see the lack of interoperability among various authentication approaches as a significant problem.

"Vendors that work with enterprise-class customers recommend tested and reliable security schemes," Gill said.

Ann Sun, senior manager of wireless and mobility marketing at Cisco, said that for most enterprises, such broad interoperability will not be a problem. However, she said that retailers, universities or other types of businesses where many different devices are used might benefit from such broad interoperability testing.

Today Symbol's products support several authentication schemes, but as customer needs change over time, the company will likely support more, Gill said.

Cisco's products support any 802.1x authentication approach, Sun said.

For more information Read how hardware-upgrade fears stall wireless LAN plans.   Learn why few are making the LEAP to PEAP.

Those using older equipment and looking to upgrade to 802.11i are likely to run into some problems on both the device and access point end.

Older access points do not have the CPU power to handle AES, Gill said. Symbol, therefore, has developed an approach where customers using its older technology can revamp their Wi-Fi systems by changing smart access point systems into switched systems. That allows even older access points to be compatible with AES. The company is in the middle of enabling this capability throughout its product line.

Cisco will be releasing 802.11i products at the beginning of 2005. All of its 802.11g products are software-upgradeable to 802.11i. However, Sun said customers must replace the radios in earlier access points to use 802.11i encryption.

Older devices are also problematic. Some Symbol customers, for example, use wireless scanners that run on DOS. Since there are no 802.1x authentication schemes written for DOS, Gill said, the company works with those customers to use a VPN instead of 802.11i security.

Tags: WLAN Security,  Troubleshooting Wireless Networks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT WLAN Security Where can I find a wire driver that unblocks recognized passwords? Will using a VPN protect me against fake wireless hotspots? Fluke gets WLAN design, management, security cred with AirMagnet Is WPA2 secure enough for a commercial business wireless network? Health center cut cost securing wireless network edge with Aerohive Wi-Fi RTLS for WLAN management, location-based security, asset tracking Wireless LAN performance management and security standards beefed up How can I hide my WLAN's SSID in an Aruba AP-61? Wireless LAN security: SonicWall joins crowded WLAN market Stolen laptop recovery using remote access and wireless network SSIDs Troubleshooting Wireless Networks Meru reinvents wireless LAN troubleshooting and management APs drop connection in WLAN configured as a wireless mesh network How to plan for 802.11n wireless LAN upgrades Vendors strive to automate wireless LAN troubleshooting and management Fluke gets WLAN design, management, security cred with AirMagnet Wi-Fi RTLS for WLAN management, location-based security, asset tracking How radio frequency (RF) of microwaves alter wireless signal strength Distributed antenna systems and WLAN: A network management burden Wireless LAN management platforms key differentiator for WLAN vendors How is wireless access point (AP) coverage affected by frequency? Troubleshooting Wireless Networks Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) home agent  (SearchNetworking.com) iDEN  (SearchNetworking.com) radio frequency  (SearchNetworking.com) repeater  (SearchNetworking.com) spectrum analyzer  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary