Wireless LAN Security Considerations
Wireless LANs used to rely (and some still do) on the
Wired Equivalent Privacy (WEP) protocol, which uses 40-bit encryption. This is
not strong enough encryption in today's environment: according to University of
Berkeley's research team, this code can be broken in a day or less by a good
encryption hacker. The following schematic from eWeek (February 12, 2001 issue)
shows how this is possible.
Schematic - Courtesy of eWeek magazine
Vendors have now started implementing stronger
encryption. As an example, the Cisco Aironet 350 wireless LAN uses the RADIUS
security protocol based on 128-bit encryption. Wireless LAN infrastructure
planners should investigate the level of security built into a vendor's hardware.
Go to our site's Wireless Security pages for more. For virus protection in a
wireless environment, go here.
Improving WLAN Security
IEEE 802.11i: a more durable, standards-based
security solution. In our estimation, the standard will be approved in late 2003,
with vendors building products to comply with it in 2004.
Interim Solutions: a number of solutions
have been proposed by different vendors. Some of these are described below:
- Atheros (a chip vendor) AES Solution -
Atheros is to include AES (Advanced Encryption Standard) in its next
generation of chips. Atheros builds chips for 802.11a, 802.11b and 802.11g.
AES is in firmware. Eventually will require chip upgrade.
- Symbol Temporal Key Integrity Protocol (TKIP) -
Will require upgrade in future when 802.11i is implemented. Symbol has
announced a scaled-down version of TKIP called Mobile Computer Mode (MCM)
for handheld devices that cannot handle full-fledged TKIP.
- Cisco's PEAP (Protected Extensible
Authentication Protocol) - Combines Transport Layer Security and EAP.
Authored by Microsoft, Cisco and RSA Security Inc., it is already in some
products.
- Special Security Gateway boxes - From
BlueSocket and Reefedge
- WEP2 - Rebuild WEP using new Advanced
Encryption Standard (AES) instead of RC4 and Kerberos authentication
- Packet Keying - This relies on a
modification to RC4 that essentially closes the loophole in WEP
- SSN (Simple Secure Network) Initiative from
Symbol, Intersil, Intermec, Microsoft and Cisco - Under this scheme, the
encryption key changes periodically
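An added Python example (not from the original page or from any vendor named above) of why the static WEP key is a problem and why the periodic key change in the SSN item helps. It assumes the standard WEP construction, in which RC4 is seeded with a 24-bit cleartext IV followed by the shared key; the keys, IV and payloads are constructed sample values.

```python
# Added illustration; keys, IV and payloads below are constructed sample values.

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """WEP-style per-frame encryption: RC4 seeded with IV || shared key.
    (The ICV/CRC-32 step is omitted; only the keystream matters here.)"""
    return xor(payload, rc4_keystream(iv + key, len(payload)))

def keystream_shared(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when both frames used one keystream: then c1^c2 == p1^p2."""
    return xor(c1, c2) == xor(p1, p2)

def compare_static_vs_rotated():
    iv = bytes.fromhex("00002a")            # 24-bit IV, sent in the clear
    key_a = bytes.fromhex("0102030405")     # 40-bit static key
    key_b = bytes.fromhex("a1b2c3d4e5")     # key after a periodic change
    p1, p2 = b"frame one payload", b"frame two payload"
    static = keystream_shared(wep_encrypt(iv, key_a, p1),
                              wep_encrypt(iv, key_a, p2), p1, p2)
    rotated = keystream_shared(wep_encrypt(iv, key_a, p1),
                               wep_encrypt(iv, key_b, p2), p1, p2)
    return static, rotated

if __name__ == "__main__":
    static, rotated = compare_static_vs_rotated()
    print("IV space:", 2 ** 24, "values per key")
    print("same IV, static key  -> keystream shared:", static)
    print("same IV, rotated key -> keystream shared:", rotated)
```

With a static key, every repeat of an IV repeats the keystream, so the 2^24 IV values set a hard limit on how long one key can safely stay in service.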
VPNs for Handheld Devices
- A VPN client has been built for Pocket PC - go
to http://www.pocketpc.com
- AdmitOne for Pocket PC from Funk Software -
http://www.funk.com
- Certicom's MovianVPN for Windows CE, Palm,
and Symbian - http://ww.certicom.com
- Mergic VPN for Palm OS -
http://www.mergic.com