Wi-Fi security has come a long way since two 20-somethings sat in the parking lot of a Lowe’s store in Southfield, Mich.,
hacked their way into Lowe’s datacenter in Wilkesboro, N.C., and downloaded customer credit card numbers. Two years on,
many companies are still as vulnerable as Lowe’s was then.
Most experts agree that the weakest link in the enterprise today results from a failure to upgrade to the latest encryption
and authentication technologies.
“Early on a lot of wireless devices were simplistic at best with a 40-bit WEP key and no support for authentication,” says
Richard Rushing, chief security officer for AirDefense.
In addition to WEP, another limited legacy approach to security is LEAP (Lightweight Extensible Authentication Protocol),
originally a Cisco protocol for transporting authentication data. Cisco is now phasing out LEAP and other approaches in favor
of PEAP (Protected Extensible Authentication Protocol), developed jointly by Cisco, Microsoft, and RSA Security.
In addition, most newer Wi-Fi networks now deploy 802.1X with stronger password-protection functions and AES (Advanced Encryption
Standard) authentication.
But for many large companies a Wi-Fi network involves a multiyear rollout, which often precludes going back to square one
and upgrading APs and client devices every time a newer technology is introduced.
If a company can’t migrate to AES, which requires faster processors in the AP, then the company should consider using a VPN
in house for its Wi-Fi network, says Roger Sands, vice president of enterprise development at Colubris Networks.
“Or at least use TKIP [Temporal Key Integrity Protocol], which is better than a static WEP key,” Sands says.
The truth is that wireless technology in general has an inherent weakness not shared by a wired network: A physical barrier
can’t protect wireless.
When wireless leaves the building it is the same as putting an Ethernet connection outside the door, Rushing says.
Because almost all of the basic gambits hackers used three years ago, such as the Evil Twin, DoS, and taking down all APs
in order to put in a rogue AP when the system reboots, are still possible, the only real defense is to monitor and scan the
airwaves for intruders, says Rich Mironov, a vice president at AirMagnet.
Despite all the high-tech gadgetry used by both good guys and bad, many security rules are commonsense, says Jack Gold, a
principal at JGold Associates.
“Make sure people log out, don’t leave devices hanging around, and make sure people aren’t looking over your shoulder,” Gold
says.
All the experts spoken to for this article agreed that wireless is a magnifying glass, and if there is a security hole in
your organization, wireless will magnify it.