Wave Systems Corp. (fka WAVXQ)

[dude_danny]

O.T. Wi-Fi Security Wakes Up to Reality

http://www.newsfactor.com/story.xhtml?story_id=102000027VR6
June 17, 2005 10:37AM

If a company can't migrate to AES encryption, which requires faster processors in the access point, then the company should consider using a virtual private network (VPN) in house for its Wi-Fi network, says Roger Sands, vice president of enterprise development at Colubris Networks.

Wi-Fi security has come a long way since two 20-somethings sat in the parking lot of a Lowe's store in Southfield, Mich., hacked their way into Lowe's datacenter in Wilkesboro, N.C., and downloaded customer credit card numbers.
Two years on and many companies are still as vulnerable today as Lowe's was then. Most experts agree that the weakest link in the enterprise today results from a failure to upgrade to the latest encryption and authentication technologies.

"Early on a lot of wireless devices were simplistic at best with a 40-bit WEP key and no support for authentication," says Richard Rushing, chief security officer for AirDefense .

In addition to WEP, another limited legacy approach to security is LEAP (Lightweight Extensible Authentication Protocol), originally a Cisco protocol for transporting authentication data. Cisco is now phasing out LEAP and other approaches in favor of PEEP (Protected Extensible Authentication Protocol), developed jointly by Cisco, Microsoft and RSA Security.

In addition, most newer Wi-Fi networks now deploy 802.11 with stronger password-protection functions and AES (Advanced Encryption Standard) authentication.





But for many large companies, a Wi-Fi network involves a multiyear rollout, which often precludes going back to square one and upgrading access points (APs) and client devices every time a newer technology is introduced.

If a company can't migrate to AES, which requires faster processors in the AP, then the company should consider using a virtual private network (VPN) in house for its Wi-Fi network, says Roger Sands, vice president of enterprise development at Colubris Networks.

"Or at least use TKIP [Temporal Key integrity Protocol], which is better than a static WEP key," Sands says.

The truth is that wireless technology in general has an inherent weakness not shared by a wired network: A physical barrier can't protect wireless.

When wireless leaves the building it is the same as putting an Ethernet connection outside the door, Rushing says.

Because almost all of the basic gambits hackers used three years ago, such as the Evil Twin, DoS and taking down all access points in order to put in a rogue AP when the system reboots, are still possible, the only real defense is to monitor and scan the airwaves for intruders, says Rich Mironov, a vice president at AirMagnet.

Despite all the high-tech gadgetry used by both good guys and bad, many security rules are commonsense, says jack Cold, a principal at JCoId Associates.

"Make sure people log out, don't leave devices hanging around, and make sure people aren't looking over your shoulder," Cold says.

All the experts spoken to for this article agreed that wireless is a magnifying glass, and if there is a security hole in your organization, wireless will magnify it.


dude_danny