Securing a wireless Lan remains complex and costly
because of immature standards and a lack of interoperability,
according to a report by Meta Group.
Several approaches have emerged over the past two years that
adequately address some of the security concerns related to the
original Wired Equivalent Privacy (WEP) encryption protocol used in
802.11b WLans, said Chris Kozup, an analyst at Meta and author of
the report.
But the different standards and approaches adopted by suppliers
make WLan rollouts a major hassle, Kozup said.
"Suppliers in general have not been aggressive enough at trying
to simplify their solutions," Kozup said. Most are pushing their
own agendas with proprietary standards and are "being apathetic in
terms of their willingness to push broader adoption of specific
standards", he added.
As a result, for the next year at least, companies intending to
implement WLans will have to adopt a single-supplier approach or
use third-party wireless gateways, he added.
Much of the complexity stems from the array of standards
confronting IT managers charged with securing WLans.
Cisco Systems and Microsoft, for example, are pushing a standard
called Protected Extensible Authentication Protocol (PEAP) for
authenticating users on WLans and defending against
man-in-the-middle attacks.
Cisco also pushes another protocol called LEAP (for Lightweight
EAP), which, like PEAP, is based on the 802.1x authentication
framework and mitigates some of the original weaknesses in WEP.
Meanwhile, Funk Software, a supplier of wireless technology, has
another EAP authentication method called Tunneled Transport Layer
Security (TTLS). Like PEAP, TTLS uses a secure tunnel for passing
user credentials from a client device to the authenticating
server.
Though these technologies all broadly address the same problem,
there are crucial differences that users need to be aware of when
implementing them, said Kevin Walsh, a director at Funk.
Cisco's implementation of PEAP, for instance, is different from
Microsoft's, and the two aren't interoperable. And supporting LEAP
can force a company into an all-Cisco access point infrastructure,
according to Meta.
Jaikumar Vijayan writes for Computerworld.