Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

WLAN Security: Five Simple Truths

If you see someone driving with what looks like a Pringles potato chip can pointing out of the passenger window, don't be alarmed. It's probably just a local war-driver looking for unsecured wireless access points. The second WorldWide Wardrive wrapped up on Nov. 2. The last such event, which took place a few months ago, documented nearly 10,000 APs. Of these, more than 70 percent were running with no encryption. If you find this shocking, let me remind you of five simple truths:

1. People are not necessarily stupid for not "at least" running WEP. This protocol has been broken since day one. It was never designed with consumers in mind, and in the enterprise, it has never come close to meeting the need for a scalable encryption system once you expand beyond three access points and a dozen users.

2. Lack of security isn't a valid reason for delaying a WLAN. I've spoken to many IT managers who refuse to implement WLANs because WLANs are insecure. So is the Internet, but you don't see companies shutting down their connections. Create a VLAN and connect your WLAN in front of your firewall.

3. You may wait forever for a bulletproof WLAN security standard. Well-placed sources tell me that IEEE officials don't want to release 802.11i security standards until 2004.

4. 802.1x is no WLAN security silver bullet. Many IT managers view this standard as the solution to their WLAN security problems. However, implementing 802.1x can be complex, requiring compatible client software and a RADIUS server that integrates with your existing authentication environment.