Hardware-upgrade fears stall wireless LAN plans

The IEEE is poised to approve the 802.11i WLAN security standard this year, but much of companies' existing hardware will be incompatible, forcing upgrades. This scenario has forced one group to put off its WLAN implementation indefinitely.

The next key wireless LAN security standard should be approved this year, but some users are up in arms over the specification, which could force massive hardware upgrades and make Wi-Fi network management more complex.

The Institute of Electrical and Electronics Engineers (IEEE), an important networking standards body, is on track to ratify the 802.11i security standard at some point this year, though the timetable is uncertain.

Among other security improvements, 802.11i will replace the Wi-Fi Protected Access (WPA) encryption protocol with Advanced Encryption Standard (AES), a much more computing-intensive algorithm.

Because of the complexity of AES, vendors cannot provide software upgrades for much of their existing WLAN equipment, particularly access points that are more than a year old, said Chris Kozup, a program director with Stamford, Conn.-based research firm Meta Group.

Chris Bolinger, a product marketing manager for Cisco Systems Inc.'s wireless network business unit, said that because access points may be decrypting signals from multiple devices, they will need hardware upgrades to avoid significant losses of throughput. Most enterprise-class access points that are being manufactured today will be able to use 802.11i with only a software upgrade.

Many newer devices, such as laptops and handhelds, will only need a software upgrade to use 802.11i, since they have enough native computing power to decrypt AES without hurting performance, said Bolinger. He added that many older scanner-type devices that run on DOS won't be able to use 802.11i at all.

That means that, in order to take advantage of AES, many users could be forced to replace significant amounts of hardware, though some products will only require the installation of new radio modules.

This upgrade requirement for hardware that may be no more than 24 months old has left some users frustrated, and even shying away from wireless LAN implementations altogether.

Rick Scholl, an electronic system engineer with the Milwaukee Museum, has put his Wi-Fi plans on hold. The museum wants to install a Wi-Fi system for use by both museum staff and the public, but it has delayed purchasing equipment until after the 802.11i specification is ratified.

"I don't want to make a major investment in a lot of equipment that is just going to become obsolete later," Scholl said.

Scholl may be right to wait, Kozup said. 802.11i will be ratified perhaps as early as this summer, he said. Products could be on the market by the fall.

Scholl, however, finds little solace in waiting. He said that the IEEE should be able to find a more secure path for Wi-Fi without requiring costly hardware upgrades.

Still, Brian Mathews, the publicity chair for the IEEE's 802.11 committee, defended his group's work. He said the Wi-Fi market has already suffered from serious security problems with Wired Equivalent Privacy (WEP), the predecessor to WPA that was widely considered flawed. It is important that the group find the best security solution it can, he said.

"If we don't address security to the fullest extent possible, we'll get slammed as an industry," he said. "Hardware upgrades are unfortunate, but it is unacceptable to have a system that is not secure."

Rather than forcing wholesale upgrades, the introduction of 802.11i is much more likely to make wireless networks more complicated. Few companies will upgrade everything all at once, Kozup said, and wireless network security will likely become a confusing mix of WPA and 802.11i.

Kozup said that, when 802.11i-enabled equipment is available, businesses will have to segment the network using virtual local area networks (VLANs) to keep traffic with different security levels separate. Using service set identifiers (SSIDs), which are special wireless LAN naming conventions, administrators can set policies that segregate users based on the forms of security they are using. Those with lower levels of security may have access to less important data.

With so many different levels of security, networks could become more vulnerable, Kozup said. At the very least, they will become much more complicated to manage.
