

802.11i, also known as WPA2, brings strong Advanced Encryption Standard (AES) security to wireless networks, explains e-Week. But it may not be for everyone.

The AES portion of WPA2 (Wi-Fi Protected Access 2) security is not backward compatible with currently installed 802.11 a/b/g equipment, making upgrades tricky for enterprises that hope to preserve their WLAN investment.

E-Week is sponsoring an interactive eSeminar on April 12 at 2 p.m. ET for a discussion with eWEEK.com Mobile & Wireless Center Carol Ellison and guest experts Clint Chaplin, Wireless Security Advisor, Wi-Fi Alliance, and Brad Mack, Vice President, iGov.

During the live event, they will discuss:

  • Who needs 802.11i and why
  • Considerations when selecting and deploying 802.11i
  • How to work with vendors to preserve your WLAN investment
  • Tips and guidelines for a successful 802.11i deployment

Recommended E-Week Reading:

E-Week explains some particulars about the [confusing] 802.11i standard:

Similar to WPA (Wi-Fi Protected Access), a stopgap solution based on Draft 3 of the 802.11i specification, 802.11i provides port-based authentication to a RADIUS server to provide user authentication. However, 802.11i streamlines WPA’s key exchange process among the client, access point and authorization server by requiring fewer messages.

Once a user has successfully authenticated to the RADIUS server, the authentication server creates a PMK (pairwise master key) that is moved to the access point and then exchanged with the client. This key controls both devices’ access to the 802.11 channel (no matter which band) and is used to derive the PTK (pairwise transient key), which is actually a collection of keys that help mutually identify the devices and secure the data traffic.

The PMK is unique to the client/access point conversation, so the 802.1x authentication process must occur again when a client roams to a new access point. Because the authentication process causes some latency, devices running time-sensitive applications may falter during a roam.

WiFiNetNews offers these tips: (1) Choose a better passphrase, (2) Use randomness to choose a passphrase, (3) Use WPA Enterprise or 802.1X + WPA. In Part 1 of Beyond Passwords, WiFi Planet explained the problem and showed why organizations are interested in improving on password authentication. In Part 2, they examine the solution. Broadband Reports has additional background.

Tom’s Networking has a definitive collection of security resource links. Broadband Reports links to some interesting maps by Postini that illuminate the geographical origins of spam, viruses and directory harvest attacks.

This Network World Article on Wireless Security assembled 23 wireless products from 17 vendors and ran them through a battery of tests. It’s a comprehensive review of the latest gear.

WSC Guard has a free client (for a month, then $4.95/monthly), as does Lucid Link.
