Recent news in late April and early May bodes well for wireless network users and administrators alike. That's...
because recent developments should help improve security capabilities and ease of use once more products show up that implement or use them. Consider the recent news items in the paragraphs that follow -- you'll see what I mean!
PC World reports that "Wi-Fi Security Improves", primarily because the Wi-Fi alliance plans to certify products that implement new 802.11i and 802.11e standards by September, 2004. In a very small nutshell, that's because these new standards will be implemented in chipsets that support enhanced security capabilities. These address numerous well-documented weaknesses of the Wireless Encryption Protocol (WEP), and support the more robust and secure Advanced Encryption Standard (AES). Note that some older equipment that can't be upgraded in firmware to accommodate these new capabilities may have to be replaced. 802.11e, among other things, will also support use of wireless handsets for IP telephony, thereby enabling easier integration of cordless handsets with IP telephone systems.
Silcon foundry/chip developer Broadcom has developed a Windows setup Wizard called SecureEZSetup that makes it much easier to install and configure Wireless Protected Access (WPA) Wi-Fi equipment (WPA is a stopgap measure for 802.11x that replaces the sadly-deficient WEP with a stronger, time-based key integrity mechanism and that changes keys every time 10 Kbytes worth of data travels into or through any network host). Because many users complain that WPA is too complex to set up and use, the Broadcom utility prompts them through the necessary steps and handles most of the process automatically and invisibly. Its primary target is for home or SOHO users, so it works in pre-shared key mode rather than looking for a RADIUS server to handle keys on its behalf. TechWorld (the publication whose story is linked earlier in this paragraph) speculates that SecureEZSetup could easily be adapted for enterprise users as well. In a story picked up on ABC News, PC Magazine reports further that products that incorporate this technology should appear soon in products from "Belkin, Buffalo Technologies, Linksys, and other manufacturers."
Both sets of developments emphasize that leaving security in users' hands is a difficult and sometimes vexing proposition. I see both developments as ways to make wireless security stronger, and to make it simpler and easier to use. If unused, the best security in the world is worthless; that's what makes this news encouraging as well as interesting.
Ed Tittel is a full-time writer, trainer, and consultant. He's written widely on security topics, including security policy tips for SearchSecurity.com, certification prep books for TICSA, CISSP, and Security+, and as a contributing editor for Certification magazine. He was recently awarded the NPA Career Achievement Award at Network+Interop 2004. E-mail Ed at firstname.lastname@example.org.