Problem solve Get help with specific problems with your technologies, process and projects.

How secure is WLAN?

How soon (if ever) will we enjoy 'secure' WLAN? And how secure is that?
Security, like beauty, is in the eye of the beholder. Whether a LAN can be considered a "secure WLAN" depends upon the organization using the LAN, the value of the data being transferred, and the consequences of unauthorized use. For example, today's WLANs are secure enough for hotspot operators - they use SSL captive portals to make sure users log in (and pay for) hotspot access, but most do not care about data encryption because the need for privacy is up to the hotspot visitor. On the other hand, hospitals must use WLANs in conjunction with higher-layer encryption (IPsec VPN, Secure Shell, SSL) in order to satisfy HIIPA mandates that require privacy of patient data. Some highly sensitive defense and military networks will not use standard 802.11 WLANs at all today.

Wi-Fi Protected Access (WPA) improvements to 802.11 security were announced last fall and are starting to emerge in products. As of 2/24/03, the Wi-Fi Alliance has not yet announced successful certification of WPA-compliant products, but you can expect this in the next couple of months. With WPA, the most significant vulnerabilities in the original 802.11 standard and WEP have been corrected. Does that mean WPA is perfect? Of course not. Security standards for any technology are always improving. WPA makes much better use of the encryption engine found in today's WLAN products, but experts readily admit it isn't the solution they would want if they were starting with a clean slate. For an even better combination of robust security and efficiency, look to products that implement IEEE 802.11i advanced security measures next year.

Even when 802.11i is completed, it will only address link-layer security - that is, controlling access to the WLAN itself and preventing eavesdropping and modification of frames over the air. True network security requires much more ? you'll still need firewalls to separate the WLAN from wired networks, authentication servers to verify wireless client identity, intrusion detection systems to spot potential attacks, etc. My point is that airlink security, whether based on WEP, WPA, or 802.11i, will never be enough for a "secure network."

This was last published in February 2003

Dig Deeper on Wireless LAN (WLAN)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.