Wireless LAN Security
Wireless LANs used to rely (and some still do) on the Wired Equivalent
Privacy (WEP) protocol, which uses 40-bit encryption. This is not strong
enough encryption in today's environment. According to University of
Berkeley's research team, this code can be broken in a day or less by a
good encryption hacker. The following schematic from eWeek (February 12,
2001 issue) shows how this is possible.
Schematic - Courtesy of eWeek magazine
Vendors have now started implementing superior encryption codes. As an
example, the Cisco Aironet 350 wireless LAN uses the RADIUS security
protocol based on 128-bit encryption. Wireless LAN infrastructure planners
should investigate the level of security built into a vendor's hardware.
Go to our site's Wireless Security pages for more. For virus protection
in a wireless environment, go here.
Improving WLAN Security
IEEE 802.11i - A more durable, standards-based security solution. In our
estimation, the standard will be approved in late 2003, with vendors
building products to comply with it in 2004.
Interim Solutions: A number of solutions have been proposed by different
vendors. Some of these are:
- Atheros (a chip vendor) AES Solution - Atheros is to include AES
(Advanced Encryption Standard) in its next generation of chips. Atheros
builds chips for 802.11a, 802.11b and 802.11g. AES is in firmware.
Eventually will require a chip upgrade.
- Symbol Temporal Key Integrity Protocol (TKIP) - Will require an upgrade
in future when 802.11i is implemented. Symbol has announced a scaled-down
version of TKIP called Mobile Computer Mode (MCM) for handheld devices
that cannot handle full-fledged TKIP.
- Cisco's PEAP - Protected Extensible Authentication Protocol - Combines
transport layer security and EAP. Authored by Microsoft, Cisco and RSA
Security Inc., it is already in some products.
- VPN Solution from various vendors - see details in the next section
- Special Security Gateway boxes - BlueSocket and Reefedge
- WEP2 - Rebuilds WEP using the new Advanced Encryption Standard (AES)
instead of RC4 and Kerberos authentication
- Fast Packet Keying - This relies on a modification to RC4 that
essentially closes the loophole in WEP
- SSN (Simple Secure Network) Initiative from Symbol, Intersil, Intermec,
Microsoft and Cisco - Under this scheme, the encryption key changes
periodically
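Added example (not from the original page or from any vendor named above): why a static WEP key is weak and why the interim schemes change the key. It relies on the standard WEP construction, in which the per-frame RC4 key is a 24-bit IV followed by the static secret; the SHA-256 rekeying step and all sample values are assumptions made for illustration.

```python
import hashlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP-style framing: RC4 key = 3-byte IV + static secret (CRC-32 ICV omitted)."""
    return xor(payload, rc4(iv + secret, len(payload)))

def rekeyed_encrypt(secret: bytes, epoch: int, iv: bytes, payload: bytes) -> bytes:
    """Periodic rekeying, illustrated: a fresh RC4 key per epoch.
    Assumption: SHA-256 is a stand-in derivation, not the SSN or
    Fast Packet Keying algorithm."""
    temporal = hashlib.sha256(secret + epoch.to_bytes(4, "big")).digest()[:13]
    return xor(payload, rc4(iv + temporal, len(payload)))

def shares_keystream(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Same keystream twice means c1 XOR c2 == p1 XOR p2: the key cancels out."""
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample values, not taken from any real network.
SECRET = bytes.fromhex("0102030405")      # 40-bit static key
IV = bytes.fromhex("00002a")              # one of only 2**24 possible IVs
P1, P2 = b"GET /payroll.html", b"user=alice&pin=42"

def demo() -> tuple[bool, bool]:
    static = shares_keystream(wep_encrypt(SECRET, IV, P1),
                              wep_encrypt(SECRET, IV, P2), P1, P2)
    rekeyed = shares_keystream(rekeyed_encrypt(SECRET, 1, IV, P1),
                               rekeyed_encrypt(SECRET, 2, IV, P2), P1, P2)
    return static, rekeyed

if __name__ == "__main__":
    print("static key, repeated IV shares keystream:", demo()[0])
    print("rekeyed between frames shares keystream:", demo()[1])
```

With a static key, every repeat of an IV exposes the XOR of two plaintexts without the key ever being recovered; changing the key between repeats removes that relationship.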
VPNs for Handheld Devices
Security in Handheld Operating
You can expect future versions of
Palm OS (Version 5) and Microsoft Windows CE (powering Pocket PC
devices) to have integrated security built into the OS itself. You
can expect system-wide 128-bit RC4 encryption in Windows CE and a
security authentication/authorization framework for Palm OS version
Wireless LAN Security Software/Hardware
- extensively employed in university
- Cranite Systems
Inc. - WirelessWall Policy server, WirelessWall Access
Controller and WirelessWall client software
Defense - Enhanced encryption and password protection
for Palm OS, Pocket PC and Blackberry devices - Can remove
critical data from device storage after several unsuccessful attempts to sign on.
Secure (from Trust Digital) -
- provides a hardware solution for centralized monitoring, configuration and
authentication for multiple access points in a WiFi
(IEEE 802.11a/b) wireless LAN - NIC (Network Interface Card) and
AP (Access Point) transparent
Mobius Centralized WLAN Security Management Architecture
- Hardware-based security solution for wireless LANs - similar
to Bluesocket and Reefedge
wireless security vendors
- See Wireless
LAN management topic page also