The Week in Review: Insecure About Security

A few weeks ago a USA Today reporter called me and asked me what I had heard
about companies pulling 80211b installations due to security concerns. I had not
heard of any such instances and told her so. She was slightly inaccurate about
what was going on: turns out that high-security places like the Lawrence
Livermore National Lab (as
reported this week by Matthew Peretz on
) have instituted policies
against 80211 networking due to security concerns. And she drew the conclusion
that if the Lawrence
Livermore National Lab banned wireless networking, therefore wireless networking
was inherently insecure and should be used — if at all — with a great deal of

Well, OK.

Of course the Lawrence Livermore National Lab bans wireless networking in
secure areas. It also bans cellular phones and pagers in secure areas. It also
has enhanced security throughout its facilities. 

And not all security concerns are the same. The Lawrence Livermore National Lab
making sure that top-secret missile plans aren’t inadvertently leaked to a
mobile user just isn’t the same as me making sure that my Quicken connection to
my bank is secure. 

To argue that 80211b was a flawed technology just because the Lawrence
Livermore National Lab is the same as arguing that cell phones are flawed. The
Lawrence Livermore National Lab is a research facility that does important
Department of Defense contracting work in the area of national-defense
technologies, and as such the folks there have a heightened awareness of
security concerns. So to argue that 80211b is inherently insecure because the
Lawrence Livermore National Lab prohibits its use in some situations is specious
at best.

This is not to say that 80211b networking is secure as it could be. It’s not.
Too often the 80211b security tools are not enabled properly by networking
engineers or end users, and there are times when the existing tools — including
encryption, VPNs, Kerberos authentication, and such — just aren’t enough. The
existing 80211 roadmap calls for security enhancements down the road, and for
many corporations these enhancements can’t come too soon.

So the lesson here isn’t to sound an alarmist tone because an ultrasecure
facility is banning WiFi networking. The lesson is to be aware of security at
all times — and to plan accordingly.

High Five

There’s a lot of anticipation regarding the next iterations of the 80211
protocol, and 2002 is shaping up to be a pivotal year as we see the final
ratifications of several 80211 protocols (including 80211e, which should improve
and enhance quality of service, and 80211i, which should enhance security). And
while WiFi products themselves are beset by interoperability issues, you’ll see
more of the same challenges in 2002 and 2003, as vendors attempts to meet
standards while promoting interoperability. 

That’s why you’ll need to take special care when looking at 80211a products.
(80211a should shortly be granted a moniker of WiFi 5 by WECA). While vendors
are moving toward a brave new world where 80211a and 80211b products seamlessly
interact, the integration probably won’t occur with the first wave of products.
As 80211a and 80211b use different parts of the radio spectrum (80211a uses the
5 GHz band, while 80211b uses the 2.4 GHz band), they are inherently
incompatible, but vendors are promising to address the incompatibility with
dual-band products.

In the meantime, here’s a simple rule of thumb: stick to 80211b products
until there’s a good reason to incorporate 80211a technology. Eventually
80211a’s many performance superiorities — such as higher throughput — will
prove compelling, but in the meantime it’s best to play it safe.

is executive editor of

Want to discuss these issues with fellow
80211 users? Then visit our discussion

Related Stories:

WLAN Security Threats: Part I

WLAN Security Threats: Part II

White Paper: Evolution, Requirements, Options

WLAN Security

News Around the Web