The quest for better wireless security
Wireless security expert Leo Pluswick asks whether the emphasis on time to market and new features will undermine the pursuit of better mobile security.
To be sure, cell phones, personal digital assistants and wireless laptops have helped usher in an era of mobile computing that's marked by increased productivity and fast return on investment.
Locating local internet providers
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
Wireless suppliers have offered up a couple of approaches that fall under the rubric of robust security networks (RSN). Proponents argue that this will resolve the remaining access problems and confidentiality vulnerabilities older 802.11 products have.
Locating local internet providers
Customers are demanding better security services and are adamant that any associated costs be transparent. |
The first solution, based on an emerging Institute of Electrical and Electronics Engineers 802.11i security-enhancing option, is found in the Wi-Fi Alliance's Wi-Fi Protected Access (WPA) products. A second solution, which won't be available until 2004, when the 802.11i specification is ready for publication, is believed to be more secure.
The WPA solution does an adequate job of answering the basic security needs of wireless local area network (WLAN) users. It also is already available and--unlike the latter option--offers backward compatibility with existing legacy WLAN hardware.
Get Up to Speed on... Wi-Fi Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
In this instance, security takes a back seat to the bottom line. Buyers may be willing to take security risks in order to avoid making more expensive investments, especially at a time when they may be cash-constrained. Suppliers know that and are responding to demand, eager for a quick infusion of revenue at a time when it is most welcome.
So if you do adopt the WPA solution as a de facto WLAN security option, keep in mind the following:
• Users and companies may become more complacent and therefore delay the acceptance of the more fully baked and more secure RSN option.
• The solution may not be used as required, so the level of security protection possible may not be obtained.
• It may encourage the use of non-RSN, legacy products in a WLAN, thereby reducing the security of the WLAN to that delivered by the non-RSN products.
How many IT departments believe that all the users on their corporate networks are disciplined enough to always use security features or use them properly? |
Unfortunately, users may be tempted to choose the less secure option, because it offers the easy route. The WPA products are available, backwards-compatible and offer improved security. But how many IT departments believe that all the users on their corporate networks are disciplined enough to always use security features or use them properly?
In the short term, recently trained users will be disciplined enough to get the desired security. But after some time, they are bound to get lazy and revert to bad habits. The upshot: Security goes out the window.
WLAN companies may believe that they have answered the call for more secure networks, and people assume that they are receiving better security. But is that the reality on the ground? The question still lingers. It will be interesting to see whether time to market and new features once again undermine the quest for better security.