The challenge of Wi-Fi
Wireless LANs are maturing rapidly but expect rough patches along the way
We like to think that IT is a rational endeavor, that getting technology to work is a matter of following best practices and playing by the rules. And why not? We’ve got product specs that describe functions and features, standards that ease configuration and interoperability, and documentation that spells out implementation. Simple.
Not in this world. And especially not in the world of wireless.
If you need proof beyond your own experience, consider this week’s cover story, “The Wi-Fi Security Challenge” (see page 40). Authors Brian Chee and Oliver Rist set out to settle a simple question: Are centralized WLAN switches better at managing security than intelligent access points residing at the edge? They got the answer they had anticipated (an emphatic yes). But in testing two leading WLAN switches from Aruba and Trapeze, they stumbled onto a number of gotchas: WLAN infrastructure relies heavily on specific client-side hardware and drivers; roaming doesn’t work as advertised; and security standards are still evolving.
The client issue was the real eye-opener. “We thought the clients were neutral,” Rist notes. They’re not. Although Chee and Rist tested using state-of-the-art notebooks (including an IBM ThinkPad T41, a Toshiba Tablet PC, and a Toshiba Portege R100), they had to perform loads of tweaking to ensure everything played well together. For example, “We couldn’t use Centrinos, because the advanced authentication and encryption drivers we needed didn’t exist yet,” Rist explains. So to get a common denominator, the authors settled on a single WLAN NIC (network interface card). As it turns out, both Aruba and Trapeze are optimized for specific Wi-Fi card drivers — not the garden-variety Proxim card chosen. In other words, one size does not fit all.
Roaming proved to be particularly tricky. Both companies say their switches can handle it. But “try walking down the hall to a different subnet while running an active session, and the WLAN will have trouble maintaining that session,” Rist says. “Admittedly, we went extreme. Most enterprises don’t do the stuff we tried to do across multiple access points.” Still, roaming is one of Wi-Fi’s potentially more attractive features. It should work out of the box.
The state of standards is also squishy. The existing WEP (Wired Equivalent Privacy) security protocol is porous and insecure. Meanwhile, WPA (Wi-Fi Protected Access) — a subset of 802.11i — probably won’t be solid until year’s end. Relying on any of these standards right now is a difficult proposition.
The upshot? Switches take WLAN administration to a new level. Unfortunately, they’re not polished products just yet. Specs and standards aside, implementing a WLAN and ensuring a reasonable security model — at least today — is more art than science.









