Learn The Basics Of WPA2 Wi-Fi Security

Learn how WPA2 can help secure your wireless network, providing encryption and access control, and why it's safer than previous standards.

InformationWeek Staff, Contributor

January 25, 2006

2 Min Read

Most of the latest enterprise wireless systems support WPA2 or are upgradable to it. But if you don't have an authentication or RADIUS server that supports the requisite EAP types, you'll have to pull together the elements to do so. And you probably have a few laptops and PC cards that don't support WPA2 because they lack the necessary AES encryption hardware. Sometimes a firmware and/or driver upgrade will activate that functionality.

Another challenge is getting WPA2 to embedded or small form-factor devices such as PDAs, Wi-Fi phones, barcode scanners and wireless print servers. These devices tend to lag in security features due to integration challenges and their infrequent replacement lifecycle.

You can create a separate SSID with WEP or WPA on a separate VLAN with limited, controlled and monitored access to your network. An example is Wi-Fi phones that support only WEP or WPA-PSK: Because they need to communicate only with the VoIP infrastructure, you should restrict them from accessing the general corporate network. Of course, voice calls are still susceptible to decryption, and it might make sense to wait for handsets that support some form of 802.1X.

Supporting WPA2 on your existing desktops and laptops isn't always easy. If the type of EAP you're using is not supported by the wireless station's OS, you can use the supplicant provided on your wireless card's drive or install, configure and manage a third-party supplicant. If you can't convert all your users in short order, you can overlay your system with a new SSID that uses WPA2 or mixed-mode encryption. Then you can convert your devices to WPA2 by location, for instance.

Either way, Wi-Fi is ready for prime time when it comes to enterprise security. WPA2 provides encryption and data integrity, and when used with 802.1X authentication, you get complete link-level security.

Frank Bulk is a contributing editor to Network Computing. He works for a telecommunications company based in the Midwest. Write to him at [email protected].

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights