& cplSiteName &

WPA's Insecure Legacy

Light Reading
LR Mobile News Analysis
Light Reading
4/14/2003
50%
50%

A coming upgrade for the 802.11 specification that is being promoted by the Wi-Fi Alliance cannot be supported by the majority of wireless LAN equipment already in use, prompting concern among analysts and vendors that older infrastructure could still be used as a backdoor into supposedly secure new networks.

WiFi Protected Access (WPA) is being promoted by the WiFi Alliance as a solution to the security issues that have dogged the adoption of 802.11, especially in the enterprise (see 802.11 Security Issues Sorted?). WPA is a security system comprising the elements already fixed and agreed upon by the Institute of Electrical and Electronics Engineers Inc. (IEEE) security task group, including: Temporal Key Integrity Protocol (TKIP) and Counter Mode with CBC-MAC Protocol (CCMP) for over-the-air encryption, and access control standard for user authentication and encryption key distribution. It is supposed to be more secure than the current WEP (wired equivalent privacy) security standard.

Products incorporating WPA are now being tested and should be certified and available in May. However, while the move is a step in the right direction, WPA will be of no benefit to anyone using existing 802.11b (11-Mbit/s over 2.4GHz) networks. The technology can only be incorporated in new 802.11b, 802.11a (54-Mbit/s over 5GHz) and 802.11g (54-Mbit/s over 2.4GHz) products. This is leading to concerns about enterprises mixing newly ratified WPA products with original hardware, as the network can only be as secure as the weakest access point.

“There are issues with WPA backwards compatibility with some products,” confirms Ian Keene, vice president of telecommunications research at Gartner Inc. “If an enterprise or home user went for a single vendor solution then we don’t expect too many problems, but it is a problem for interoperability between different vendors.”

Such issues could cause a major headache for the growing number of enterprises rolling out wireless LAN networks to their employees (see 802.11 WLAN Shipments Double and Europe Set for WLAN Boom). “It is not going to be possible to buy WiFi-Alliance-tested WPA products that are backwards compatible with every previous product, and that could be a big obstacle,” says Keene, adding that he expects to see compatibility problems with the current crop of wireless LAN cards on the market.

The vendors Unstrung spoke to claim to be tackling the compatibility issue. “We are looking into it because there are certainly areas that need to be resolved,” says Proxim Corp.'s (Nasdaq: PROX) solutions marketing manager, Jan Buis. “We are aware of this problem. Security is the hottest issue in wireless LAN at the moment, and as a vendor we must make it our highest priority.”

“We are trying to educate the enterprise user by telling them about these issues,” comments 3Com Corp.’s (Nasdaq: COMS) international segment manager for wireless and security, Angelo Lamme. “A network, after all, can only be as secure as the weakest link.”

While no enterprise is immune to the compatibility problems, both vendors point out that it is the latest adopters of wireless LAN, rather than the earlier, tech-savvy enterprises, that require the greatest amounts of education as to the potential for security holes in the network. “The early adopters of wireless LAN accept some of the insecurities that exist today,” says Buis. “The primary reason why new security features have entered this market is because of the number of customers unwilling to use wireless LAN at present.”

In the short term, at least, vendors in this space face the task of informing users of the pitfalls involved in mixing old and new infrastructure. “This is an ongoing problem,” concludes Gartner’s Keene. “We expect it to be resolved in the next two years, but it isn’t going to happen overnight. It really depends on how well vendors can work with each other to help iron out the problems.”

These latest concerns will do little to combat the growing fear of security problems with enterprise wireless LAN use. In a recent Unstrung poll of readers, 72 percent of respondents perceived security as the major drag on wireless LAN deployment within corporations (see Poll: WLAN Has Limited Life). Recently, RSA Security added fuel to the fire by highlighting the ease with which corporate networks can be hacked (see Hackers Crack London WLANs).

— Justin Springham, Senior Editor, Europe, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
The independent evaluation of Nokia's key virtual network functions (VNFs) was a defining moment for the Finnish giant.
Flash Poll
Live Streaming Video
Charting the CSP’s Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it’s going from two industry veterans.
LRTV Documentaries
Leading Lights 2016 Highlights

5|25|16   |   02:26   |   (1) comment


Some of the high points from this year's Leading Lights awards dinner at the Hotel Ella in Austin, Texas.
LRTV Documentaries
Light Reading Hall of Fame 2016

5|23|16   |   05:43   |   (0) comments


Find out who has been welcomed into Light Reading's Hall of Fame this year.
LRTV Custom TV
ZTE TM Forum Highlights

5|23|16   |     |   (0) comments


ZTE showcased its new ICT solutions at TM Forum in Nice.
LRTV Interviews
Gamma's MD on the Emergence of UC2

5|20|16   |     |   (0) comments


Gamma Communications Managing Director David Macfarlane believes the unified communications (UC) market has reached a tipping point.
LRTV Custom TV
The Ultimate 5-Minute Guide to Digital Customer Engagement

5|20|16   |     |   (0) comments


In this short video, you will hear all about how Digital Customer Engagement is the key to meeting customer expectations, keeping them happy, and maximizing revenue. VP Product & Marketing at Pontis, Ofer Razon, breaks down for us the five essential capabilities for successful Digital Customer Engagement. Don’t miss!
LRTV Custom TV
NFV in 2016: Part 1 – NFV Use Cases Get Real

5|19|16   |   05:57   |   (0) comments


Consensus is building around the key use cases for NFV, including managed IP services at the network edge and on customer premises, which can generate new revenues from enterprises/SMBs and consumers; Evolved Packet Core to support LTE migration; and adjacent technologies, such as TAS and IMS, to support VoLTE and next-generation charging and policy control ...
LRTV Custom TV
Nokia's Steve Vogelsang on NFV – Part 3

5|19|16   |     |   (0) comments


Steve Vogelsang discusses the challenges of operational transformation and how Nokia helps its customers. Join Steve at the Big Communications Event in Austin the morning of May 24, on his keynote and optical networking panel.
LRTV Interviews
Level 3: Why UC Is In Demand

5|17|16   |   04:12   |   (1) comment


Andrew Edison, Level 3's senior VP of sales, EMEA region, talks about the drivers of growth in the unified communications services market.
LRTV Custom TV
ARM's OPNFV Action

5|17|16   |     |   (0) comments


At the ARM booth at MWC 2016, Joe Kidder and Bob Monkman speak to Light Reading about OPNFV and their upcoming action.
LRTV Custom TV
Nokia's Steve Vogelsang on NFV – Part 2

5|16|16   |     |   (0) comments


Steve Vogelsang gives advice to service providers on how to move to NFV. Join Steve at the Big Communications Event in Austin the morning of May 24, on his keynote and optical networking panel.
LRTV Interviews
Interoute CTO on NFV's Maturity

5|13|16   |   06:46   |   (1) comment


Matt Finnie, CTO at international operator Interoute, explains how NFV has made life easier in terms of logistics and how Interoute can now enable a 'software-defined moment' for its customers.
LRTV Huawei Video Resource Center
UBBS 2016 Highlights

5|12|16   |     |   (0) comments


Highlights of Huawei's UBBS event in Hong Kong.
Upcoming Live Events
September 13-14, 2016, The Curtis Hotel, Denver, CO
December 6-8, 2016,
June 16-18, 2017, Austin Convention Center, Austin, TX
All Upcoming Live Events
Infographics
A new survey conducted by Heavy Reading and TM Forum shows that CSPs around the world see the move to digital operations as a necessary part of their overall virtualization strategies.
Hot Topics
DT: Telcos Must Escape Vendor Prison
Iain Morris, News Editor, 5/24/2016
AT&T to Start 5G 'Friendly' Trial by 2016 End
Dan Jones, Mobile Editor, 5/24/2016
WiCipedia: Short Skirts & Back-Up Plans
Eryn Leavens, Special Features & Copy Editor, 5/20/2016
Google Doubles Down on Machine Learning, AI
Mitch Wagner, West Coast Bureau Chief, Light Reading, 5/19/2016
Eurobites: Be More European, EU Tells Streaming Services
Paul Rainford, Assistant Editor, Europe, 5/20/2016
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
In this latest installment of the CEO Chat series, Craig Labovitz, co-founder and CEO of Deepfield, sits down with Light Reading's Steve Saunders in Light Reading's New York City office to discuss how Deepfield fits in with the big data trend and more.
Grant van Rooyen, president and CEO of Cologix, sits down with Steve Saunders, founder and CEO of Light Reading, in the vendor's New Jersey facility to offer an inside look at the company's success story and discuss the importance of security in the telecom industry.
Animals with Phones
Live Digital Audio

Our world has evolved through innovation from the Industrial Revolution of the 1740s to the information age, and it is now entering the Fourth Industrial Revolution, driven by technology. Technology is driving a paradigm shift in the way digital solutions deliver a connected world, changing the way we live, communicate and provide solutions. It can have a powerful impact on how we tackle some of the world’s most pressing problems. In this radio show, Caroline Dowling, President of Communications Infrastructure & Enterprise Computing at Flex, will join Women in Comms Director Sarah Thomas to discuss the impact technology has on society and how it can be a game-changer across the globe; improving lives and creating a smarter world. Dowling, a Cork, Ireland, native and graduate of Harvard Business School's Advanced Management Program, will also discuss her experience managing an international team focused on innovation in an age of high-speed change.