New wireless security means costly upgrade

Wireless local area network (Lan) users will face a hefty bill if they want to take advantage of a new encryption standard currently being developed.

The forthcoming 802.11i standard will not be backwards compatible with existing 802.11b architecture, although it can be built into new hardware.

"It won't run with the current 802.11b infrastructure," said Brian Mathews, publicity chairman of the 802 working group.

"The hardware needed to run the encryption will need to be fairly powerful, so old 802.11b cards won't be able to run it.

"But there'll be nothing to stop it being built into future 802.11 'b', 'a' and 'g' hardware."

Matthews would not say how far down the line to certification the standard is, but he confirmed that the working group is one of the busiest at the Institute of Electrical and Electronics Engineers.

The problems with backwards compatibility do not effect 802.1x, the suggested new authentication protocol for wireless networks.

Mark Stevens, vice president for network security at appliance vendor WatchGuard, explained that the existing Wireless Encryption Protocol (Wep) standard is too weak, and that Wi-Fi protected access is not much better.

"Wep can be broken with hacking tools that are on the web now," he said. "Wi-Fi protected access came into existence because the 802.1x and 802.1i standards are taking too long to come online. Now compatibility fears could slow reliable security down still further."

However, analysts maintain that users are also to blame for poor security, while acknowledging the mistakes made by manufacturers.

"Wireless Lan manufacturers aren't helping by turning encryption off as default," said Frost and Sullivan industry analyst Jose Lopez.

"Wep is not good enough for serious protection, which is why it's being dropped for Wi-Fi protected access. Vendors have a duty to be more security minded.

"As for corporates, they aren't doing enough on wired security and wireless is lagging behind even that."

Market researcher In-Stat found that 11.6 million wireless access points were sold to business worldwide in 2002, with an additional 6.8 million units sold to home users.

Overall, worldwide sales were up over 100 per cent on the year.