May 21, 2008 10:11 AM PDT

Wireless security better than you think

by Jon Oltsik

I recently blogged about how the 802.11n Wi-Fi standard may make wired Ethernet ports a thing of the past in some industries. Whenever I write about wireless in this way, I always get dinged with security concerns. Do we really want our financial transactions and health care records riding over radio waves willy-nilly across the enterprise?

I certainly understand the sentiment. After all, security professionals are paid to be paranoid. My contention, however, is that while Wi-Fi security has greatly improved over the past few years, many security professionals still hark back to the early days of the easily hackable Wired Equivalent Privacy (WEP) and use this to fuel their current skepticism. With all due respect to the security community, things have changed quite a bit.

Don't get me wrong. A misconfigured or rogue wireless access point is still a huge vulnerability, but a strong configuration based upon the WPA2 and 802.1X standards makes Wi-Fi pretty secure. Still not convinced? Talk to Wi-Fi security leaders like Aruba Networks, Cisco Systems, and Trapeze Networks and you'll find some of the smartest network security minds around. Hey, they have to be more paranoid than security professionals or they don't sell a thing.

One final note on wireless security. A lot of today's commercial technologies had their roots in the military and were used in battlefield environments. Aruba Networks has received certification from the U.S. Department of Defense and the U.K. Ministry of Defense. Pretty tough security crowd, if you ask me.

Believe me, I am the first person to stand up and cry foul when the industry tries to hide security vulnerabilities, over-market security functionality, or use proprietary security technologies to lock out competitors and lock in customers. Wi-Fi security passes all of these hurdles in my mind. As such, it is time to start considering the "all wireless office" in earnest and stop reviving the arguments of the past.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.
by mattpimf May 21, 2008 1:48 PM PDT
Your argument is still weak - WPA/WPA2 is still vulnerable to hardware-level exploits (like the Intel bug that was discovered several weeks ago and talked about on 'Security Now'). Also, unless you're using huge, random passwords your wireless is not secure (even then, it still is not secure). I googled and found this article (along with many others) on methods used to crack WPA/WPA2:
http://www.smallnetbuilder.com/content/view/30278/98/

The only "secure" WiFi security right now is using IPSec. Do you have any links to your sources for the claims about Aruba Networks, Cisco Systems, Trapeze Networks? Were they from sales people who will tell you anything just to make the sale?
by InklingBooks May 21, 2008 2:30 PM PDT
Encryption aside, wireless also has a problem with location. The WiFi at my sister's house sits well within a wooded lot that's in a depression. I doubt her WiFi crosses her property line. For her, WiFi is a safe and convenient way to make a connection she doesn't use that much.

On the other hand, WiFi for a glass-walled finance company office on the 45th floor of a skyscraper is not only visible to hackers with directional antennas for miles around, it's causing and receiving interference to everyone within hundreds of yards. And for what? So no one has to install Cat 5e cable for equipment that'll remain in the same location and connected to the same network for years, networks that are active at least 8 hours a day, 5 days a week. That makes no sense. I suspect the only argument for not going wired is that in a few years it may be replaced by fiber.

Wired networks give a physical security that no wireless system can provide and they provide clean, predictably error-free connections that no population density of gadgetry (and microwave ovens) can disrupt. And they do it through concrete walls and floors. By arguing that everyone will be using it, whatever the location, you're arguing that many will be unhappy with it for that same reason.

--Michael W. Perry, editor of Chesterton on War and Peace: Battling the Ideas and Movements that Led to Nazism and World War II.
by skurewu May 22, 2008 4:31 PM PDT
Wireless security is limited by the hardware of the wireless access point. The reason why WAPs had weak algorithms in the first place (WEP) was due to the fact that they needed an algorithm that could be implemented in a cheap device (WRT54) that would still give performance that a consumer would pay for (54Mbps). We have had stronger encryption algorithms for a long time before WEP came out, but its limited hardware prevented us from using it.

Which Aruba devices were military certified? Are they the same product lines a small office will be able to afford? Probably not, I'm guessing the military has a little more money in their pockets than the small mom and pop shop down the street. Probably more cost effective for them to run a VPN on an old fashioned wired network.

You can implement safer networks on wired networks, you just have to be a little smart.
by benjaminstraight July 22, 2008 3:49 AM PDT
I am sure that WiFi has improved. There will always be reasons to be paranoid about WiFi because the fact is info flying out in space is susceptible to some type of spiderweb.