Snoopers, crackable keys hamper wireless LAN uptake

Fear of snoopers on street corners, and the easily cracked keys used to encrypt data, have kept many enterprises from deploying wireless LANs.

While a wireless LAN can link users to corporate data and the Internet, Andreas Tilch, National Foods IT security manager, said there were some concerns. Bandwidth is limited to about 10Mbps (bits per second) and security is also a serious concern, he said.

"It takes a lot of effort to ensure it is secure, but we are planning to trial a wireless LAN in the future because it can reduce networking costs; however, it will be limited to specific and isolated locations," he said.

The Wi-Fi Alliance is working to replace current standards based on WEP (Wired Equivalent Privacy), which has been criticised for being seriously flawed, but the new standard, called 802.11i, will not be ratified for 12 months.

The Wi-Fi Alliance's specification, called WPA (Wireless Protected Access), includes mechanisms from the emerging 802.11i standard for both data encryption and network access control. For encryption, WPA has TKIP (Temporal Key Integrity Protocol), which uses the same algorithm as WEP but constructs keys in a different way. For access control, WPA will use the IEEE 802.1x protocol, a recently completed standard for controlling entry to both wired and wireless LANs.

With WPA, each user will have his or her own encryption key, and that key can be set to change periodically.

Verisign Australia (formerly eSign) enterprise consultant Richard Miller said that, in the meantime, a managed virtual private network (VPN) is the best option, as companies can pay by the month for user access without the cost of investing in infrastructure.

"Running VPN technology over the wireless network effectively eliminates WEP vulnerabilities as the LAN then becomes a secure encrypted tunnel for the safe transmission of sensitive data," he said.

Only last week Miller went into Sydney's financial district and did a bit of 'war walking', or war driving, which involves cracking into company networks with wireless LANs.

He found 20 wireless LAN access points, almost half of which were not encrypted.

"I even used one access point to browse the Internet using their bandwidth," he said.

Rather than use freeware such as NetStumbler, Miller simply used WinXP, which has war driving functionality built into the operating system.

"I didn't reconfigure XP at all and a laptop isn't necessary either as MiniStumbler is now available for PDAs," he said.

When establishing a wireless LAN, Miller said companies should change the default password, change the Service Set Identifier (SSID), turn on WEP to use the highest level of encryption and use MAC address filters.

Stephen Lawson contributed to this story.
