August 12, 2004, 11:50 PM —
|This is an edited transcript of a webcast program. For a richer experience, watch the webcast.|
Analyst: Craig Mathias, Farpoint Group
Watch it: Available 24x7
Takeaway: Secure your network's endpoints. Encrypt the
data on mobile devices and server.
As you probably know, wireless LAN security is a bit of a mess. Originally in 802.11, the wireless LAN standard, the security technology, which is called wireless equivalent privacy, or WEP, was not very secure. It was really not very secure by design.
It was only 40 bits of resolution and, in fact, the standard is still 40 bits of resolution today. This has led to a wide variety of hacker threats, things like Air Snort and WEP Crack, tools that you can download off the Internet, can, in fact, be used to break WEP encryption.
Now it is not that easy to do but nonetheless network managers are right to be concerned about that particular problem. What has happened over the years is that most vendors of wireless LAN equipment have developed proprietary enhancements, such as going to 128-bit WEP encryption, that has resulted in much better security. But still, it has not really been enough to make very many network, potential wireless LAN network users happy.
There has been lots of other solutions as a result of that. Primarily add-on hardware and software products from a wide variety of vendors. Many of these involve additional hardware boxes that need to be added to your wireless LAN infrastructure and the solutions can get rather complex.
Security thus remains even today the #1 concern about wireless LANs and it is also the #1 reason that people have not adopted wireless LANs to date. What has happened though is a couple of very funny things.
The most important of which is that because people have heard that WEP is not secure, they simply don't enable it, they don't turn it on and therefore run insecure wireless LANs in their enterprises. That is clearly not something that you want to do. And, of course, as I mentioned before, in many cases they simply do not install wireless LANs at all.
But that is not the real problem with wireless security. Wireless LAN security, like any wireless security, just considers one small portion of your overall value chain, and that is what we call the air link, the connection between the client and the access point which interfaces to the rest of your network infrastructure.