Deploying WPA Today - InformationWeek


Deploying WPA Today

Wi-Fi Protected Access could prompt companies to update wireless security, especially small networks and home users.

It's no secret that Wi-Fi LAN security is in a fairly abysmal state. Wi-Fi Protected Access is a security mandate that could prompt even lax companies to upgrade their systems.

Any business running Wi-Fi LANs should upgrade to Wi-Fi Protected Access (WPA) security as soon as possible. WPA provides far better security than the almost useless Wi-Fi standard security mechanism, Wired Equivalent Privacy (WEP), that's shipped with Wi-Fi PC cards and access points. With vendors starting to roll out WPA today, upgrading should be relatively easy for small networks and casual users. It may be harder for larger networks and corporate users with scalable requirements.

If you're already running a Wi-Fi LAN, the first step will be to check with the vendor of your Wi-Fi access points, PC cards, and PCI adapters, to see if the firmware can be flash-updated to support WPA. In most cases, flashing will be possible, but there may be a few cases where access points, PC cards, or other gear will have to be replaced because the hardware lacks the necessary computational power or throughput.

Once you've upgraded to WPA, you can choose to run your WPA security in one of two modes: either pre-shared key (PSK) or server-based infrastructure. In PSK mode, which will be the choice of most home, small-office, and casual setups, you only have to enter a password at each client and each access point, and you're done. The clients and access points will take care of generating the various cryptographic keys.

For medium-sized to large enterprises, or any situation where security is critical, you will want to run WPA in server-based infrastructure mode. That means you'll need an authentication server and Public Key Infrastructure (PKI).

To support WPA's 802.1X implementation, you'll need to run a RADIUS server such as Microsoft's Internet Authentication Service package for Windows 2000 Server, Nortel's RADIUS server, or the open-source server FreeRADIUS. Authenticating users via WPA's 802.1X implementation will require issuing X.509 public-key certificates, which means that you'll need a PKI.

Since clients will be using 802.1X for authentication and access control, you'll need to upgrade your desktop clients to support it. Only Windows XP currently bundles 802.1X client support (though Microsoft also offers downloads for Windows 98 and 2000 systems), but your LAN hardware vendor may offer software for older versions of Windows and for Macintosh. Open-source clients are available for various Linux and Unix systems. Commercial clients are available from companies such as Meetinghouse Data Communications.

For smaller networks that may balk at the prospect of deploying an expensive and complex PKI, security experts Jon Edney and William Arbaugh describe how to bypass the need for a PKI in their new book Real 802.11 Security (Addison-Wesley), which will be available in late July. Their method, which should only be used for small networks where scaling and enterprisewide access aren't an issue, involves using self-signed certificates created with the freeware tool OpenSSL. Their book also describes how to deploy WPA in a server-based infrastructure mode using mostly off-the-shelf, freely available, open-source software, and how to create a WPA-capable access point using a laptop running Linux.

Return to main story, Wi-Fi: Security For The Masses
