WPA, The Sequel
The 802.11i standard is almost certain to be ratified sometime in 2004, at which point WPA will give way to WPA2. WPA2 will, in essence, be an 802.11 implementation with the Wi-Fi Alliance seal of approval. Is 802.11i better? “Yes,” said Cohen, “because while WPA uses TKIP [temporal key integrity protocol], a very good protocol, 80211i requires AES [access encryption standard], which cryptographers and PhD-types like more.” He stresses that the move to 802.11i is not a fix, but an evolution. “We went from something insecure—WEP—to secure—WPA—and now we’re moving to something else that’s secure—802.11i/WPA2.”

Dr. Joel Snyder, a senior partner at the consulting firm Opus One, has never been comfortable with WPA, and looks forward to the 802.11i ratification this year. “WPA has always been a thorn in my side because it’s not a cooked standard,” he said. “[Manufacturers and vendors] just needed something so they could sell product. WPA2 and 802.11i will alleviate my concerns.”

The AirStation One-Touch Secure System from Buffalo Technologies can automatically secure wireless networks. It is available on the company’s WHR3-654 router.

Keeping it Simple
The seeming complexity of wireless security can be a big impediment to deploying Wi-Fi. If you’ve ever been to a computer trade show, you’ve seen that even seasoned computer professionals can struggle to attach to a WLAN on the show floor. Automating and simplifying wireless security will increase the rate at which businesses adopt wireless technology, and decrease the chance of making a configuration error. This simplification is starting to catch on in the marketplace. Here are just a few prime examples.

Windows XP Service Pack 2
Microsoft has revamped the wireless connection interface in its upcoming OS update. In addition to being easier to use, this interface will be able to store configuration and security information on a USB storage device for automatic transfer to other computers, or to print it out for easier manual installation.

Also, it’s easier to see whether your network is secured from the list of available wireless networks. While connecting to a network is easier, there is still a clear warning when you connect to an insecure network. Another feature, Wireless Provisioning Services, is designed to ease the process of connecting securely to hotspots and creating a WISP (wireless internet service provider) account.

Broadcom SecureEZSetup
Suppliers of wireless hardware are also finding ways to simplify security configurations. Broadcom recently introduced a software solution called SecureEZSetup that secures an access point and its client devices with WPA Personal and automatically configures the network SSID. An auto-discover routine can find all SecureEZ-compatible access points and tell you which is closest.

SecureEZSetup will be introduced in equipment from companies including Belkin, Linksys, and Motorola, as well as notebook vendors like Dell, HP, and Gateway. And, in many cases, existing equipment may be upgradeable. Devices without SecureEZSetup will still be able to connect to the network, but they’ll have to be configured the old-fashioned way.

Buffalo Technology AOSS
One of the leading Wi-Fi hardware vendors, Buffalo Technology, has introduced a new feature on some of its hardware called AirStation One-Touch Secure System (AOSS). The technology aims to radically simplify wireless network and security setup.

With AOSS-enabled access points, pressing a button on the back puts the device into AOSS mode. You then have 3 minutes to push the AOSS button on the client device, at which point the entire configuration process occurs automatically. Though it’s possible to see the configuration process through a Web interface, it’s not necessary.

According to Morikazu Sano, vice president of Buffalo’s networking division, AOSS is initially intended mostly for the consumer, home-office, and small-business market. But, like other trends, it may soon find its way into larger environments. “What will happen is that consumers will use it at home and see the benefit, and then bring it into the business environment,” says Sano. “That’s what happened with wireless.”

What About the Enterprise?
Unfortunately for network administrators, there’s no simple solution for business-ready wireless security, but there will be soon. Opus One’s Joel Snyder suggests that IT departments simplify by first looking at what’s already in place. For instance, “if you’ve already got a strategy that works for remote access, like a VPN, you can use that same security inside the network,” he says. “It’s not an elegant solution, but its beauty is in its reuse, which could make the administrator’s jobs a lot easier.”
Snyder also recommends that you recognize what you’re trying to accomplish. “The key, I think, is that you’ve got to refine your requirements. Security is such a broad word. Don’t go overboard with technology if you don’t need it.”

Across the wireless spectrum, from home to hotspots to small and large companies, the goal is clear: Make it truly secure, but also make it easier to use. Once the industry can achieve that, network administrators can make keep the boss happy—and keep the network off-limits for would-be hackers.

Read more: Security Speak >>