The latest security features that wireless LAN vendors plan to
build into products under the Wireless Protected Access (WPA)
programme will do little to protect enterprise or individual users
in the booming Wi-Fi public-access "hot spot" market, according to
analysts.
Gartner analyst John Pescatore said that public-access providers
such as T-Mobile or Boingo Wireless typically do not employ
security because it inhibits their business by reducing the
convenience of high-speed (11Mbps) Internet access.
Pescatore said that mobile enterprise workers should use a virtual
private network (VPN) connection if they intend to use a
public-access WLAN service to tap into a corporate database or
e-mail server. He also suggested that anyone using a public-access
Wi-Fi service should install a personal firewall to prevent
snooping by other users on the same public network.
Peter Beardmore, senior marketing director at Colubris Networks,
which sells a "hot spot in a box" WLAN setup through Boingo, said
public-access WLAN users without a firewall ran the risk of another
airport or coffee shop user poking around in their files using the
"Network Neighborhood" tools found in the Windows operating
systems.
Beardmore said Colubris helps Boingo prevent this kind of casual
sniffing by "forcing all traffic upstream" to a Colubris server
either incorporated into the access point or separate from it.
This technique, according to Beardmore, prevents "paper-to-peer"
sniffing of one client on a public-access WLAN network by another.
However, Beardmore agreed with Pescatore that enterprise users
should also protect their data through the use of a VPN.
Eventually, he said, public-access providers could build the
authentication part of WPA into their servers for monthly
customers, providing companies such as Boingo with a way to
authenticate the identity of regular - though not casual -
customers.