Wireless LANs

Wireless LAN Security Considerations

Wireless LANs used to (some still do) rely on Wired Equivalent Privacy (WEP) protocol - that uses 40 bit encryption.  This is not strong enough encryption in today's environment. This code can be broken in a day or less by a good encryption hacker, according to University of Berkeley's research team. The following schematic from eWeek (February 12, 2001 issue) shows how this is possible.

Schematic - Courtesy of eWeek magazine

Now vendors have started implementing superior encryption codes.  As an example, Cisco Aironet 350 wireless LAN uses Radius security protocol based on 128 bit encryption. Wireless LAN infrastructure planners should investigate the level of security built into vendor's hardware.  Go to our site's Wireless Security pages for more. For virus protection in wireless environment, go here.

Improving WLAN Security

IEEE 802.11i - More durable standards based security solution. The standard will be approved in late 2003 with vendors building products to comply with it in 2004 in our estimation.

Interim Solutions: a number of solutions have been proposed by different vendors. Some of these are described hereunder:

• Atheros (A chip vendor) AES Solution -  Atheros is to include AES (advanced Encryption Standard) in its next generation of chips. Atheros builds chips for 802.11a, 802.11b and 802.11g. AES is in firmware. Eventually will require chip upgrade.
• Symbol Temporal Key Integrity Protocol (TKIP) : Will require upgrade in future when 802.11i is implemented. Symbol has announced a scaled-down version of TKIP called Mobile Computer Mode (MCM) for handheld devices that can not handle full-fledged TKIP..
• Cisco's PEAP - Protected Extensible authentication Protocol - Combines transport layer security and EAP. Authored by Microsoft, Cisco and RSA Security Inc., it is already in some products.
• VPN Solution from various vendors - see details in the next section
• Special Security Gateway boxes - From BlueSocket and Reefedge 
• WEP2 - Rebuild WEP using new Advanced Encryption Standard (AES) instead of RC4 and Kerberos authentication
• Fast Packet Keying - This relies on modification to RC4 that essentially closes the loop hole in WEP
• SSN (Simple Secure Network) Initiative from Symbol, Intersil, Intermec, Microsoft and Cisco - Under this scheme, encryption key changes periodically

VPNs for Handheld Devices

• VPN Client has been built for Pocket PC - go to http://www.pocketpc.com
• AdmitOne for Pocket PC from Funk software - http://www.funk.com
• Certicom's MovianVPN for Windows CE, Palm, and Symbian - http://ww.certicom.com
• Mergic VPN fort Palm OS http://www.mergic.com

Security in Handheld Operating Systems 

You can expect future versions of Palm OS (Version 5) and Microsoft Windows CE (powering Pocket PC devices) to have integrated security built into the OS itself. You can expect system-wide 128 bit RC4 encryption in Windows CE and a security authentication/authorization framework for Palm OS version 5.

Wireless LAN Security Software/Hardware Vendors

• Bluefire Security Technologies 
• Bluesocket - extensively employed in university environments
• Columbitech
• Cranite Systems Inc. - WirelessWall Policy server, WirelessWall Access Controller and WirelessWall client software
• PDA Defense  - Enhanced encryption and password protection for Palm OS , Pocket PC and Blackberry devices - Can remove critical data from device storage after several unsuccessful attempts to sign on.
• PDA Secure ( From Trust Digital) - 
• Reefedge - provides a hardware solution for centralized monitoring, configuration and authentication for multiple access points in a WiFi (IEEE 802.11a/b) wireless LAN - NIC (network Interface Card) and AP (Access Point) transparent 
• Symbol's Mobius Centralized WLAN Security Management Architecture
• Vernier - Hardware-based security solution for wireless LANs - similar to Bluesocket and Reefedge
• General-purpose wireless security vendors 
• See Wireless LAN management topic page also