March 26, 2001 5:00 PM PST
Windows XP to offer wireless security
Microsoft on Monday announced it will support a new wireless security standard in its forthcoming Windows XP operating system that will make it easier and safer for people with PCs, laptops and handheld devices to connect to a wireless Net connection.
Other supporters of the standard, called 802.1x, include network equipment makers 3Com, Cisco and Enterasys Networks, PC makers Compaq Computer, IBM and Dell, as well as chipmakers Intel and Intersil.
Analysts and tech executives say the new security standard will fix many, but not all, of the security vulnerabilities that UC-Berkeley computer scientists recently found in wireless networks based on the wireless standard Wi-Fi, or 802.11B.
"This is important because business customers' single objection to deploying wireless technology is the fact that it's not secure," said Bill Rossi, vice president and general manager of Cisco's wireless networking operation.
In February, university researchers found holes in wireless networks that allow people to surf the Net while roaming around their homes, offices and public places, such as airports and cafes. The researchers said the security holes could let hackers intercept and alter transmissions passing through the wireless networks.
Analysts and tech executives believe the new wireless security standard will help increase the sale of wireless networking products when the standard is finalized by the Institute of Electrical and Electronics Engineers (IEEE) during the second half of this year.
The tech companies sell wireless products that include notebook PC cards that have radio transmitters and receivers built in. They also sell a piece of hardware affixed to ceilings or walls that links the computers to a Net connection. That piece of hardware, called an "access point," links the wireless network to an office's wired network and has a range of several hundred feet.
Previously, network administrators would have to manually install a password on each laptop for an employee to connect to the wireless network, so that messages are encrypted, Rossi said. Those passwords rarely changed.
In addition, he said, the previous technology only allowed employees to connect to one access point, so if workers needed to wirelessly connect to the Net in another building on campus, the employees couldn't automatically connect to another access point.
Now with Microsoft and other tech companies supporting the new wireless security standard, people with laptops get a different password every time they connect to a wireless network, making the connections secure, he said. In addition, that same password can be used across multiple access points throughout the workplace.
"If you were using a notebook at work and went to the airport, it wouldn't automatically think you were back at the office. It will look to see where you are and log you onto the network," said Tom Laemmel, Microsoft's product manager for Windows. "It's easier on your users. It offers hands-off configuration to connect up to wireless networks."
Microsoft will ship Windows XP during the second half of this year. 3Com and Cisco executives say they have already been supporting an early version of the new security standard in its wireless networking products.
The only thing that the new wireless security standard doesn't resolve that UC-Berkeley researchers addressed is the need for advanced data scrambling for better security, Cisco's Rossi said.
Meta Group analyst Chris Kozup said people who want the best security while on a wireless network need to install a virtual private network. VPNs are secure high-speed connections to corporate networks over the Internet.