& cplSiteName &

WPA's Insecure Legacy

Light Reading
LR Mobile News Analysis
Light Reading

A coming upgrade for the 802.11 specification that is being promoted by the Wi-Fi Alliance cannot be supported by the majority of wireless LAN equipment already in use, prompting concern among analysts and vendors that older infrastructure could still be used as a backdoor into supposedly secure new networks.

WiFi Protected Access (WPA) is being promoted by the WiFi Alliance as a solution to the security issues that have dogged the adoption of 802.11, especially in the enterprise (see 802.11 Security Issues Sorted?). WPA is a security system comprising the elements already fixed and agreed upon by the Institute of Electrical and Electronics Engineers Inc. (IEEE) security task group, including: Temporal Key Integrity Protocol (TKIP) and Counter Mode with CBC-MAC Protocol (CCMP) for over-the-air encryption, and access control standard for user authentication and encryption key distribution. It is supposed to be more secure than the current WEP (wired equivalent privacy) security standard.

Products incorporating WPA are now being tested and should be certified and available in May. However, while the move is a step in the right direction, WPA will be of no benefit to anyone using existing 802.11b (11-Mbit/s over 2.4GHz) networks. The technology can only be incorporated in new 802.11b, 802.11a (54-Mbit/s over 5GHz) and 802.11g (54-Mbit/s over 2.4GHz) products. This is leading to concerns about enterprises mixing newly ratified WPA products with original hardware, as the network can only be as secure as the weakest access point.

“There are issues with WPA backwards compatibility with some products,” confirms Ian Keene, vice president of telecommunications research at Gartner Inc. “If an enterprise or home user went for a single vendor solution then we don’t expect too many problems, but it is a problem for interoperability between different vendors.”

Such issues could cause a major headache for the growing number of enterprises rolling out wireless LAN networks to their employees (see 802.11 WLAN Shipments Double and Europe Set for WLAN Boom). “It is not going to be possible to buy WiFi-Alliance-tested WPA products that are backwards compatible with every previous product, and that could be a big obstacle,” says Keene, adding that he expects to see compatibility problems with the current crop of wireless LAN cards on the market.

The vendors Unstrung spoke to claim to be tackling the compatibility issue. “We are looking into it because there are certainly areas that need to be resolved,” says Proxim Corp.'s (Nasdaq: PROX) solutions marketing manager, Jan Buis. “We are aware of this problem. Security is the hottest issue in wireless LAN at the moment, and as a vendor we must make it our highest priority.”

“We are trying to educate the enterprise user by telling them about these issues,” comments 3Com Corp.’s (Nasdaq: COMS) international segment manager for wireless and security, Angelo Lamme. “A network, after all, can only be as secure as the weakest link.”

While no enterprise is immune to the compatibility problems, both vendors point out that it is the latest adopters of wireless LAN, rather than the earlier, tech-savvy enterprises, that require the greatest amounts of education as to the potential for security holes in the network. “The early adopters of wireless LAN accept some of the insecurities that exist today,” says Buis. “The primary reason why new security features have entered this market is because of the number of customers unwilling to use wireless LAN at present.”

In the short term, at least, vendors in this space face the task of informing users of the pitfalls involved in mixing old and new infrastructure. “This is an ongoing problem,” concludes Gartner’s Keene. “We expect it to be resolved in the next two years, but it isn’t going to happen overnight. It really depends on how well vendors can work with each other to help iron out the problems.”

These latest concerns will do little to combat the growing fear of security problems with enterprise wireless LAN use. In a recent Unstrung poll of readers, 72 percent of respondents perceived security as the major drag on wireless LAN deployment within corporations (see Poll: WLAN Has Limited Life). Recently, RSA Security added fuel to the fire by highlighting the ease with which corporate networks can be hacked (see Hackers Crack London WLANs).

— Justin Springham, Senior Editor, Europe, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Light Reading’s Upskill U is a FREE, interactive, online educational resource that delivers must-have education on themes that relate to the overall business transformation taking place in the communications industry.
Wednesday, November 9, 1:00PM EST
MANO 101
Toby Ford, AVP, Cloud Technology, Strategy & Planning, AT&T
Friday, November 11, 1:00PM EST
Open Source for NFV MANO
Wednesday, November 16, 1:00PM EST
SDN 101
John Isch, Practice Director, Network & Voice, Orange Business Services
Friday, November 18, 1:00PM EST
SDN & Open Source
Christopher W. Rice, Senior Vice President of AT&T Labs, Domain 2.0 Architecture and Design
in association with:
From The Founder
Light Reading today starts a new voyage as part of a larger Enterprise.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Custom TV
OneAccess NFV Solutions

10|26|16   |   5:30   |   (0) comments

Antoine Clerget, CTO of OneAccess, discusses how his company has expanded its product line from enterprise-class routers to include a universal virtualized CPE as well as a suite of VNFs to help telco customers evolve to an NFV future.
LRTV Custom TV
The Journey Toward Carrier-Grade WiFi

10|26|16   |   3:39   |   (0) comments

In this Light Reading interview, Dave Sperling, CTO at Smith Micro Software and active participant of the WBA's policy working group, discusses the need for carrier-grade WiFi. Technical and business challenges slowing the fulfillment of this goal are addressed, as well as management strategies that will enable communication service providers to optimize end user ...
LRTV Custom TV
ZTE BBWF Highlights

10|26|16   |     |   (0) comments

At BBWF 2016, ZTE showed a broad range of innovative technologies that are kick-starting an ultrafast broadband journey.
LRTV Custom TV
Next-Generation Technology Beyond DOCSIS 3.1

10|20|16   |     |   (0) comments

At SCTE 2016, Huawei's Liu Jianhua speaks with Alan Breznick for an exclusive interview.
LRTV Custom TV
Hybrid Video Solutions to Change TV, Change Future

10|20|16   |     |   (0) comments

At SCTE 2016, Huawei's Ian Locke speaks with Alan Breznick for an exclusive interview.
LRTV Custom TV
Huawei Future-Oriented Giga Coax Network

10|20|16   |     |   (0) comments

At SCTE 2016, Huawei's Allen Wang speaks with Alan Breznick for an exclusive interview.
LRTV Custom TV
Huawei at SCTE 2016

10|20|16   |     |   (0) comments

Join Alan Breznick of Light Reading and take a sneak peek at the Huawei booth at SCTE 2016.
LRTV Custom TV
Assuring Network Quality in a Rapidly Changing Environment

10|20|16   |     |   (0) comments

As the rate of change and complexity increases in agile networks, the importance of introducing DevOps methodologies for integrating active test and assurance solutions throughout the full service lifecycle becomes critical to ensure that customers are experiencing the service quality they demand. The industry landscape is changing, and software-based test and ...
Telecom Innovators Video Showcase
A10 Networks on Service Providers' Industry Needs

10|20|16   |     |   (0) comments

Light Reading's Steve Saunders hears how A10 enables service providers to accelerate, secure and optimize their application delivery to drive down costs, enhance service availability, and better respond to customer requirements, so they can improve customer satisfaction, monetize their network, and grow revenues.
LRTV Custom TV
New NFV Use Cases for Cable TV

10|19|16   |     |   (0) comments

A large number of NFV use cases are focused on the enterprise domain, looking at virtualization of customer-premises equipment (CPE). To date, there has been little focus on the use cases and business case for virtualization of the video content delivery networks required to deliver unicast and streaming video to consumers. Amdocs commissioned Analysys Mason to ...
Women in Comms Introduction Videos
Meet the Future Workforce: New Faces, Expectations & Motivations

10|19|16   |   5:33   |   (1) comment

Millennials and their younger peers, Gen Z, expect more out of their network and more out of their work. Intel's Lynn Comp shares how the industry can prepare for this new generation of workers.
LRTV Custom TV
ZTE Global Services User Congress 2016 Highlights

10|19|16   |     |   (0) comments

ZTE held its 2nd Global Service User Conference in Dusseldorf on October 13-14. Representatives from network operators, leading industry analysts and ZTE senior expertsattended the event, exploring the best practice in managed services and the vision to transform network operations into the operations center of the future (OpCF) in the software-defined networking ...
Upcoming Live Events
November 3, 2016, The Montcalm Marble Arch, London
November 30, 2016, The Westin Times Square, New York City
December 1, 2016, The Westin Times Square, New York, NY
December 6-8, 2016, The Westin Excelsior, Rome
May 16-17, 2017, Austin Convention Center, Austin, TX
All Upcoming Live Events
Hot Topics
Trump: Dump AT&T/TW & Comcast/NBC
Alan Breznick, Cable/Video Practice Leader, Light Reading, 10/24/2016
Google Fiber Hits Pause Button, Scales Back
Alan Breznick, Cable/Video Practice Leader, Light Reading, 10/26/2016
T-Mobile: AT&T & TW Means Ma Bell Not Focused on Mobile
Dan Jones, Mobile Editor, 10/24/2016
Sprint: Revenue up 3%, Capex Will Rise Again
Dan Jones, Mobile Editor, 10/25/2016
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Join us for an in-depth interview between Steve Saunders of Light Reading and Alexis Black Bjorlin of Intel as they discuss the release of the company's Silicon Photonics platform, its performance, long-term prospects, customer expectations and much more.
There's no question that, come 2020, 5G technology will turn the world's conception of what mobile networking is on its head. Within the world of 5G development, Dr. ...
Animals with Phones
'Oh, Were You Looking for This?' Click Here
'I was just playing some games...'
Live Digital Audio

A vital part of increasing the number of women in comms is transforming the ways companies can support and empower women. While progressive company policies that support both men and women in achieving work-life balance are a step in the right direction, creating a company culture that supports those policies can at times be more challenging.

During this show, we'll talk to Lynn Comp, Senior Director of Industry and Sales Enabling (ISE) in the Network Platforms Group at Intel, about why those challenges exist and how companies can overcome them. She'll provide insight into how Intel has worked to create a culture that supports work-life balance, and provide steps and guidance for other companies wishing to do the same. We will also leave plenty of time to get your questions answered live on the air.