Living without wires

• Article 1 of 33
• SC Magazine, June 2006
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages

Almost since its creation, wireless networking has worried CIOs. Unlike Ethernet, wireless networking removes the need for a physical connection to the network, making it far harder to restrict access. Coupled with the flawed WEP protocol used to "secure" initial Wi-Fi networks and it's no surprise that many preferred to ignore wireless networking altogether or fill in the gaps in security with other techniques.

To improve the security - and the image - of wireless networking security, the vendors responsible for Wi-Fi developed a replacement for WEP called WPA. But is it as secure as vendors claim, and is using it as easy as they suggest?

Ask almost any vendor of Wi-Fi hardware whether WPA is secure and you will get more or less the same response: "Analysis says it will take around 2.7 billion years before it's cracked. It's classed by the US government as good enough for top secret protection." And as far as it's possible to tell, those vendors are right. But that's not the whole story.

First, there are two WPA standards, WPA and its successor WPA2 (see panel, p33). WPA was intended as an interim standard designed to patch the holes in WEP until vendors and standards bodies could finalise the specifications for WPA2. WEP had many flaws, with hostile users able to discover the key used to encrypt transmissions relatively easily, change traffic on the network without knowing the key and even create a denial-of-service attack. WPA fixed those flaws relatively painlessly, usually requiring only firmware and software upgrades on clients and access points, rather than an investment in new hardware.

WPA2 improved on WPA's encryption method, but at a slight cost: older hardware did not have the processing power capable of decrypting and encrypting traffic in real-time. However, hardware developed when WPA was already a standard is usually capable of being upgraded to WPA2: vendors knew the likely basis of WPA2's encryption scheme and built-in the necessary processing power from the beginning.

WPA and WPA2 are more secure than their predecessor. Both come in "enterprise" and "personal" versions, with the first offering even more security through authentication to 802.1X servers such as RADIUS. Only WPA-Personal has so far been shown to have any kind of vulnerability, as shown by the coWPAtty passphrase auditing tool, and that is only apparent when using weak passwords.

Instead, the problem is with the implementation of the standards. Although the Wi-Fi alliance does test hardware to ensure it interoperates with other WPA-capable hardware, this testing is often insufficient to ensure true interoperability between all the various components needed for a WPA-encrypted network.

"If you want to ensure compatibility, then buy everything from one vendor," says Tim Ecott of security firm Integralis. "It's a compatibility minefield - problems with different cards, tying into Active Directory, the differences in the EAP protocols, the information exchanged."

Telindus is one of the UK's biggest network builders and has implemented WPA networks such as that used by Westminster Council for its IP CCTV system. James Walker, the head of its wireless and mobility division, has plenty of experience of the problems involved in getting different bits of WPA hardware to work together. "Often, you find things don't work correctly the first time. Usually, people then blame the network, but often it's the user's device or card."

At Surrey University, some users found their connections to the network dropped frequently. Walker's team traced the problem to the fact that the Dell laptops had been imported from the US and had US, rather than European, specifications. "Netgear, Cisco and sometimes Buffalo have a better chance of working. Dells have problems," warns Walker.

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages