April 02, 2003, 5:06 PM — No topic in wireless attracts more attention than security. And that's really how it should be - an insecure wireless network isn't really a network at all. It's an open invitation for hackers and crackers and all the other evils that inhabit the communications world. Not surprisingly, wireless network security, particularly regarding wireless local area networks (WLANs), is the number one concern of network managers, and, as such, an entire industry has grown to serve the ever-changing demands of wireless-network-based information integrity.
As enterprises have gradually adopted wireless (as at least an appendage to the corporate network), it was naturally assumed that special security precautions would be required to deal with the unique nature of wireless communications. After all, wireless purposely puts valuable enterprise information out on the airwaves, and anyone within range and equipped with an appropriate receiver should be able to grab this data and put it to all kinds of nefarious use. Since this is the case, many wireless networks implement inherent authentication and encryption mechanisms to provide basic assurance to customers that their data will at least be difficult to decrypt, and their networks at least challenging to crack.
It soon became obvious however, that despite the efforts of carriers and equipment providers, data was being compromised and networks were being hacked. The debacle surrounding the Wired Equivalent Privacy (WEP) mechanism in the IEEE 802.11 wireless-LAN standard served (at the very least) to bring the entire issue of wireless (and enterprise) security to the top of every network manager's to-do list. WEP, to its defense, was never designed to be a complete wireless security solution. Indeed, at the time of the release of the initial 802.11 standard in 1997, it was illegal to export effective encryption technology from the U.S. High-performance encryption was classified as a potential weapon! It's pointless to debate the politics however, other than to mention that very sophisticated encryption technology was available at the time for free download on the Internet (isn't everything, these days?). Most WLAN vendors quickly realized that more sophisticated encryption was required, and quickly developed new approaches. To give you some context, WEP by default uses a security key of 40 bits. Today, most WLAN vendors offer at least 128 bits, which is a good deal more secure.
There were two immediate pieces of fallout from this state of affairs. First, many network managers assumed that WEP just wasn't secure and simply never enabled it - despite the fact that some security is always better than none, and the hackability of WEP was at least a little overblown. As a result, many WLANs were left essentially open for public access on the wrong side of the firewall.