Poor standards plague WLan security

Securing a wireless Lan remains complex and costly because of immature standards and a lack of interoperability, according to a report by Meta Group.

Several approaches have emerged over the past two years that adequately address some of the security concerns related to the original Wired Equivalent Privacy (WEP) encryption protocol used in 802.11b WLans, said Chris Kozup, an analyst at Meta and author of the report.

But the different standards and approaches adopted by suppliers make WLan rollouts a major hassle, Kozup said.

"Suppliers in general have not been aggressive enough at trying to simplify their solutions," Kozup said. Most are pushing their own agendas with proprietary standards and are "being apathetic in terms of their willingness to push broader adoption of specific standards", he added.

As a result, for the next year at least, companies intending to implement WLans will have to adopt a single-supplier approach or use third-party wireless gateways, he added.

Much of the complexity stems from the array of standards confronting IT managers charged with securing WLans.

Cisco Systems and Microsoft, for example, are pushing a standard called Protected Extensible Authentication Protocol (PEAP) for authenticating users on WLans and defending against man-in-the-middle attacks.

Cisco also pushes another protocol called LEAP (for Lightweight EAP), which, like PEAP, is based on the 802.1x authentication framework and mitigates some of the original weaknesses in WEP.

Meanwhile, Funk Software, a supplier of wireless technology, has another EAP authentication method called Tunneled Transport Layer Security (TTLS). Like PEAP, TTLS uses a secure tunnel for passing user credentials from a client device to the authenticating server.

Though these technologies all broadly address the same problem, there are crucial differences that users need to be aware of when implementing them, said Kevin Walsh, a director at Funk.

Cisco's implementation of PEAP, for instance, is different from Microsoft's, and the two aren't interoperable. And supporting LEAP can force a company into an all-Cisco access point infrastructure, according to Meta.

Jaikumar Vijayan writes for Computerworld
