A Security Blanket?
11:15 AM -- I think we can put “security” to bed as a showstopper in WLAN deployments. You know the basics: Turn on WiFi security, but don’t use WEP. Rather, use WPA at a minimum or WPA2 if you have it. But, much more importantly, use some form of upper-layer security (VPNs) and authentication (like 802.1X). Using airlink security alone means that data appears in the clear outside of the WLAN itself. Sure, the WiFi hackers will be frustrated and largely move on, but the professional information thieves, who should be your real concern, will simply look elsewhere in your network. They’re not the ones out in the parking lot anyway.
One other big problem is that WiFi-based security is still fairly static. Changing keys is a pain in most cases, which means that once someone has access, they usually have it forever. This is why upper-layer tools are so important. If you use them, you can almost ignore WiFi security altogether, although I certainly wouldn’t -- they add some value regardless.
You’ve probably already heard that the Wi-Fi Alliance recently announced its “WiFi Protected Setup”, designed to simplify the process of configuring security. Some vendors, like Buffalo Technology (USA) Inc. and Devicescape Software Inc. are offering variants of this technique now, but it’s worth cautioning here that this process is suitable only for residential and very-small-business installations and doesn’t consider the upper-layer requirements -- which is where we really need a form of simple configuration.
— Craig Mathias is Principal Analyst at the Farpoint Group , an advisory firm specializing in wireless communications and mobile computing. Special to Unstrung