iApplianceWeb-iApplianceReview

Sponsor-Editors Sites
• iApplianceReview
• Appliance-Lab
• CyberNode Appliances
• VideoIP Services
• Energy Gateways
• Metering & Appliances
• Netcentric Community
• Techrite Associates

EETimes Sites
• EE TIMES
• EE TIMES ASIA
• EE TIMES CHINA
• EE TIMES FRANCE
• EE TIMES GERMANY
• EE TIMES KOREA
• EE TIMES TAIWAN
• EE TIMES UK

EETimes Network Sites
• CommsDesign
• iApplianceWeb.com
• Microwave Engineering
• EEdesign
• Deepchip.com
• Design & Reuse
• Embedded.com
• Embedded Edge
• Elektronik i Norden
• Planet Analog
• Silicon Strategies

• Byte
• ChannelWeb
• CMP
• CommWeb
• Com. Convergence
• CRN
• Conferences and Events
• DB2
• Dr. Dobbs Journal
• DV.Com
• EBN
• EBN China
• eeProductCenter
• Electronics Express
• Electronics Express
• Internet Week
• Network Computing
• Network Magazine
• NetSeminar Services
• QuestLink
• TechWeb
• VAR Business
• Windows Developer

Security Sentinel: WLAN security solutions near?

By Toni McConnel, contributing editor
iApplianceWeb
(11/27/02, 02:31:46 AM EDT)

Wireless LANs are notoriously vulnerable to hacker attacks. Any ITprofessional knows that the current standard for 802.11 security, WEP (WiredEquivalent Privacy), is easy to get around with a bevy of tools available for downloading from the Internet. As a result, confidence in WLAN security is extremely low.

But if until now you have only been felt 'moderate concern' about security, this ought to upgrade your condition to 'acute anxiety': At the DefCon X hacker convention in Las Vegas in August 2002, AirDefense, Inc., a company that provides security solutions for WLANs, monitored the convention's WLAN for two hours and identified more than 10 previously undocumented methods being used by hackers to manipulate 802.11 protocols to launch attacks against the convention's WLAN. In addition to the eight sanctioned access points to the WLAN, Air Defense found 35 rogue access points, and determined that 200-300 of the 800 address stations were fake. (A full report on the Air Defense survey can be found, along with an immense amount of useful and sometimes startling facts about WLAN security, in a white paper titled "What Hackers Know That You Don't. " )

Well, it was a hacker's convention, after all. But isn't it disturbing that there is still such a thing as a hacker's convention and that apparently it's legal? The whole point of the convention is to share information on how to gain unauthorized access to networks, and wireless LANs are a major focus.

Of course everyone is waiting for IEEE 802.11 Task Group I to complete their work on the 802.11i Robust Security Network amendment, which promises to plug all the holes. Unfortunately, their work is not expected to be completed until mid-2003. That's "expected" - not necessarily "will be". But effective WLAN security is desperately needed NOW.

That's the bad news, but...

I have good news for you. You may not have to wait another six months or more to get trustworthy WLAN security. There are two recent developments that promise to deliver WLAN security that actually works during the first half of 2003.

The first is a security solution from the Wi-Fi Alliance called Wi-Fi Protected Access (WPA). It replaces the existing WEP standard, and uses Temporal Key Integrity Protocol (TKIP) encryption and 802.1x and Extensible Authentication Protocol (EAP) authentication. Some industry experts say it's not the ultimate solution, but hey -- it's better than what we got until IEEE finishes their work on 802.11i.

Existing WLANs can be upgraded to WPA compatibility through firmware and software updates. New Wi-Fi certified WLAN products are expected to ship with WPA security during the first quarter of 2003. Details about the new standard can be read at the Wi-Fi site.

The second development is even more exciting, and somewhat mysterious unless you are into quantum physics. Research into quantum encryption techniques has been going on for at least a decade and involves the government, universities, and commercial companies around the world. It seems that commercial products using this optical technology are just about ready to hit the market.

One way that quantum encryption ensures un-crackable transmission is by a method called quantum-key distribution (QKD), which changes keys so quickly that hackers using ordinary computers can't keep up with them. The method uses an emitter/receiver based on a single photon. These work only on fiber-optic networks.

Another method, developed by Northwestern University, secures the data stream as well as the encryption keys. If hackers try to decode the message their observation of the data introduces so much quantum noise as to render the result indecipherable.

The main thing about quantum encryption is that it is said to be absolutely uncrackable. Until quantum computing becomes commercially feasible and affordable, that is, when hackers will be able to keep up with quantum encryption rates. But that may be a long way down the road yet. The first commercial product using quantum encryption may be on the market Q2 of 2003.

Security Sentinel is written by contributing editor Toni McConnel. Toni will keep you up-to-date on recent issues about security, new virus alerts, discoveries of software and hardware vulnerabilities, and most important of all, where to find further information and fixes.

Your input is invited. Write to Security.Sentinel@NetcentricCommunity.net with your concerns and/or information you would like to share with the iAppliance community concerning security.

Toni is a freelance technical writer specializing in ghostwriting technical articles for electronics magazines. You can learn more about her at www.tonimcconnel.com.

For more information about the issues, products and technologies mentioned in this story, go to the iAppliance Web Views page and call up the associatively-linked XML/Java Web map of the iApplianceWeb site and search for product information since the beginning of 2002.

For technical article coverage, go to EETimes In Focus maps on the same Web page and browse or quickly search for all articles on a particular topic since the beginning of 1998.

These Web Maps can be browsed by date, by category, by title, or by keyword, with results displayed instantly either as a list of possible hits or with the specific Web page.