Securing WLAN Of Greater Concern Than 802.11 Migration
Page 1 of 1
IT managers and consumers will no longer need to concern themselves with the question of how to upgrade their wireless LANs or PANs (personal area networks) once faster data transmission rates are finally rolled out. Whether WLAN users will use the same spectrum space (2.4 GHz) to migrate to 802.11g or the higher spectrum (5 GHz) to migrate to 802.11a, backwards compatibility with 802.11b is almost assured.
But some folks within the industry don't think kindly of the recent rash of headlines touting "dual-mode" or "interoperability." In fact, Texas Instruments -- one of a few companies that has actual 802.11b products on the market -- views any such announcement more as a distraction than as a boon.
"These [types of announcements] have the potential to make people think that customers will hold off purchases to wait for vaporware," said Bill Carney, director of marketing applications for TI's Wireless Networking Business unit. It will merely slow early adoption.
"It's very logical that dual-mode will happen...most likely, we'll have a similar type offering," Carney said during a telephone interview.
For now, though, Carney argued that any announcement that promise the next-best-thing is merely just hype and overlooks the fact that products currently on the market have a long lifespan.
"The 802.11 technology got started 10 years ago and it's taken 10 years to become affordable. I think we should draw a conclusion that it's not a fast ramp" to 802.11a, the TI official explained.
Migration concerns holding up adoption? Hardly!
But despite the marketing push, enterprise customers have shown the most relunctance in supporting Wi-Fi. In fact, a recent survey by the Dell'Oro Group showed that consumers were largely responsible for growing the market to $231.4 million in the first quarter of 2001. Are IT buyers holding off on implementing wireless LANs due to the confusion created by migration issues?
For organizations like financial institutions and health care companies, the single largest hurdle is security, not migration. Enterprise customers of that magnitude not only rely on secure "wired" environments to house highly sensitive consumer data but are under strict government regulations to do so.
"No way in Hell. I wouldn't even touch it. There's too much critical information going over our wires," said Derek Anderson of Kaiser's IT division. "I think it's going to take a while for everyone to start using it because of the security risk."
Still, industry participants haven't given up the belief that wireless LANs will eventually make their way into those environments. Symbol Technologies, a provider of the bar-code scanner and mobile solutions, is one such player that is just wrapping up beta tests of its WLAN security solution labeled Spectrum24. The company expects to have products available shortly.
"They [Kaiser] probably aren't allowed to offer their doctors home access to their patient's records. Medical records in particular have very high security requirements. But I believe WLANs will make their way into both hospitals and doctors' offices," said John Hughes, director of strategic marketing at Symbol Tech.
Too much is not enough?
Hughes, who also is a member of the IEEE group (802.11i) currently examining wireless security issues, emphasized that it isn't enough to simply secure the wireless portion of an environment. Security must be implemented as a holistic solution as opposed to ad hoc components.
WLAN security comes from practically any (or even all) points on the network -- from the gateways and access points right up to the wired server. If the server that houses the security system is freely accessible -- say, because it's used to run other mission critical capabilities -- then "you've opened the door to hackers," Hughes said.
"It comes down to policy. There's no silver bullet," he said. "For us, the WLAN is part of the real LAN so we need to make that as secure."
So, with myriad possible combinations available to a WLAN customer, the issue then becomes: how much security is enough?
All security systems consist of three main components: encryption, authentication and key distribution. According to the latest government mandates, the IT community must be able to demonstrate a provable solution that has a minimum encryption size of 128 bits based on standard protocols for authentication and key distribution. But how can a security system meet indefinite qualifications such as "provable?"
"Provable is the key word. It's practically impossible," Hughes said.
At least in the realm of encryption, the federal government identified a new technique using 128-bit algorithms that will be the basis of the new Advanced Encryption Standard (AES). Prior to the adoption of AES, the government had endorsed a 56-bit encryption technique called Data Encryption Standard (DES), which was adopted in 1977. To enhance security encryption through the decades since the 70s, cryptographers developed a way to encrypt data three times over -- a variant known as "Triple DES."
But, this so-called Triple DES used more of a machine's processor power because data wasn't just sent through once to encrypt -- data was sent three times. With such power needs, WLAN users in essense would be locked to their A/C adapters even if their network connections were wireless...hence, the selection of AES in October 2000.
The only problem is, when the Wired Equivalency Protocol (WEP) was first created, AES wasn't identified as an encryption standard. The IEEE's 802.11 Working Group is now developing a next-generation WEP but currently has no proposals for a backwards compatible encryption scheme.
In fact, the only encryption scheme that is getting support from the IEEE is an AES-based proposal submitted by a professor from the University of California, Davis, known as AES-OCB.
Hughes doesn't expect a resolution to the security issues by the next regularly scheduled IEEE meeting on Sept. 17-21 in Seattle.