The Week in Review: Insecure About Security
Page 1 of 1
A few weeks ago a USA Today reporter called me and asked me what I had heard about companies pulling 80211b installations due to security concerns. I had not heard of any such instances and told her so. She was slightly inaccurate about what was going on: turns out that high-security places like the Lawrence Livermore National Lab (as reported this week by Matthew Peretz on 80211-planet.com) have instituted policies against 80211 networking due to security concerns. And she drew the conclusion that if the Lawrence Livermore National Lab banned wireless networking, therefore wireless networking was inherently insecure and should be used -- if at all -- with a great deal of caution.
Of course the Lawrence Livermore National Lab bans wireless networking in secure areas. It also bans cellular phones and pagers in secure areas. It also has enhanced security throughout its facilities.
And not all security concerns are the same. The Lawrence Livermore National Lab making sure that top-secret missile plans aren't inadvertently leaked to a mobile user just isn't the same as me making sure that my Quicken connection to my bank is secure.
To argue that 80211b was a flawed technology just because the Lawrence Livermore National Lab is the same as arguing that cell phones are flawed. The Lawrence Livermore National Lab is a research facility that does important Department of Defense contracting work in the area of national-defense technologies, and as such the folks there have a heightened awareness of security concerns. So to argue that 80211b is inherently insecure because the Lawrence Livermore National Lab prohibits its use in some situations is specious at best.
This is not to say that 80211b networking is secure as it could be. It's not. Too often the 80211b security tools are not enabled properly by networking engineers or end users, and there are times when the existing tools -- including encryption, VPNs, Kerberos authentication, and such -- just aren't enough. The existing 80211 roadmap calls for security enhancements down the road, and for many corporations these enhancements can't come too soon.
So the lesson here isn't to sound an alarmist tone because an ultrasecure facility is banning WiFi networking. The lesson is to be aware of security at all times -- and to plan accordingly.
There's a lot of anticipation regarding the next iterations of the 80211 protocol, and 2002 is shaping up to be a pivotal year as we see the final ratifications of several 80211 protocols (including 80211e, which should improve and enhance quality of service, and 80211i, which should enhance security). And while WiFi products themselves are beset by interoperability issues, you'll see more of the same challenges in 2002 and 2003, as vendors attempts to meet standards while promoting interoperability.
That's why you'll need to take special care when looking at 80211a products. (80211a should shortly be granted a moniker of WiFi 5 by WECA). While vendors are moving toward a brave new world where 80211a and 80211b products seamlessly interact, the integration probably won't occur with the first wave of products. As 80211a and 80211b use different parts of the radio spectrum (80211a uses the 5 GHz band, while 80211b uses the 2.4 GHz band), they are inherently incompatible, but vendors are promising to address the incompatibility with dual-band products.
In the meantime, here's a simple rule of thumb: stick to 80211b products until there's a good reason to incorporate 80211a technology. Eventually 80211a's many performance superiorities -- such as higher throughput -- will prove compelling, but in the meantime it's best to play it safe.
Kevin Reichard is executive editor of 80211Planet.com.
Want to discuss these issues with fellow 80211 users? Then visit our discussion forums!