PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP
IS THERE ANY HOPE FOR THIS STUFF?
Stay tuned. This is a discussion of the future of the 802.11a/b/g technologies, especially concerning the security issues. In the meantime, here is a very good article. Here is another good article - unfortunately it is in the Nov PCWorld, and I can't link to it (at least yet): "Warp-Speed Wireless"
As of Fall 2003, I don't believe any of the major vendors have implemented the "WPA" techniques yet in the 802.11b products. There are some upgrades available for the 802.11g products, however, including the Linksys WRT54G 802.11g router, and the WPC54G PC Card. The 802.11i technology, currently in standardization, will actually require new chips in the wireless routers, in order to do the AES encryption, so this could be a year or more out. In other words, security in wireless still sucks pretty bad.
[I have noticed in Dec 2003 that Linksys has made a WPA upgrade available - 1.50 for the BEFW11S4 802.11b router, but only for the v4 router, not the earlier versions! Don't hold your breath about the earlier versions - I have a ver 2.]
www.wi-fi.org contains some very good info about the wireless standards, especially the WPA and 802.11i efforts.
A WPA upgrade to your existing wireless router and NIC cards will add some special tricks that can be played with the ...existing.. 802.11b and 802.11g hardware to make it very difficult to crack the security. In addition, Win XP has added the WPA capability to their OS with Service Pack 2.
Here are some initial experiences with the Linksys 802.11g products, including the WPA feature. It actually seems to work - after some patches and upgrades which have just become available.
As of November 2003, there are two fixes you need to add to your WinXP in order to tune up the wireless networking and add the WPA capabilities. Go here:
AS of January 2007, you need to get the Wireless client update.. This probably obviates the need for the above two updates...
A Note of Caution!
Now WPA solves almost all the security problems inherent with the original 802.11b and 802.11g, especially in a controlled environment such as the home or office. But there is still a very big concern about "rogue Access Points (APs)" which can be present in certain situations. For example, at trade shows, and conferences where wireless access is provided, it is very easy for a malicious person to "install" an AP of his own design, and get you to authenticate to it, thereby stealing all your security info. This is called "man in the middle" attack, and has already been done widespread. See this article e.g. The security that will solve this problem is when the network is authenticated, as well as the supplicant (you). Right now, the simple shared secret key approach of PSK-TKIP [Pre-shared key/ temporal key integrity protocol] WPA only performs one way authentication, i.e. the network authenticates you, the lowly user. You are NOT authenticating the network in this scheme. What is needed is two way authentication, such as is performed in SSL and TLS, the protocols used by https. One of the EAP protocols offered in WPA, EAP-TLS does provide this, but it is generally only applicable in a more complex environment, where RADIUS servers are available. So you still need to be careful, even if you get WPA to work in pre-shared key mode!
The latest news is that "WPA2" will show up in about a year. This will require new hardware most likely because of the AES cryptography used. And no longer will short shared keys be allowed. This is potentially one of the biggest problems with WPA 1, even though it is so much better than WEP. People are choosing very short keys, making the network vulnerable to social engineering exploits.
Update June 2004:
802.11i, which I think is the formal name for WPA2 (?) has just been approved.
Update Jan 2006:
Copyright John D Loop Wednesday October 26, 2005