In Person - WLANs
Alternatives to WEP security

When it comes to implementing wireless LANs, security and interference have been major concerns. Bernard Trudel, Marketing Manager-VPN & Security, Cisco Systems, talks about emerging security standards and how to counter interference.

by Brian Pereira

What are the challenges faced by developing countries like India when implementing wireless networks?

I see WLANs (Wireless LANs) as a nice solution for developing countries. They can be deployed in areas where they might not have infrastructure. They allow them to provide high-bandwidth solutions while infrastructure is being developed. Take Mumbai for instance. There's 500 km of dug-up trenches to put in infrastructure. With WLANs you can put in pockets of access, which you wouldn't be able to do as you wait for infrastructure (terrestrial links) to be set up.

I haven't seen any other specific challenges for wireless LANs in developing countries. The security issues are the same here as anywhere in the world. Maybe the hackers here don't have access to as many tools as they do in other countries, so you are even more secure.

The other area that could possibly be a concern is interference. If the regulations aren't in place to limit the amount of transmissions done, for 802.11b in the 2.4 GHz spectrum for example, then you'll face challenges in getting reliable wireless LANs to work.

Since 802.11b WLANs share the same spectrum as appliances like cordless phones and remotely operated garage doors, these devices are bound to interfere with wireless transmissions. How can this problem be resolved?

The long range access tends to be a direct signal so it's less susceptible to direct interference. But from a local point of view, there could be some issues of interference from cordless and mobile phones. We see that in the US as these devices use the same spectrum. It's a matter of identifying devices that could potentially cause interference and then positioning your access points away from these.

WLANs use DSSS (Direct-Sequence Spread Spectrum) transmission technology, which has built-in mechanisms to counter interference. So the technology minimizes the disturbance due to interference.

There has been much concern about the security of WLANs. Analysts have pointed out weaknesses in WEP (Wired Equivalent Privacy), prompting some organizations to shy away from, or suspend usage of WLAN. So what other solutions/standards are available for securing WLANs?

The answer is two-fold. Organizations can use a Cisco solution called LEAP. It addresses all the security vulnerabilities (in WEP). LEAP forms the basis of a future standard called 802.11i. The framework of LEAP is being used to develop 802.11i.

(Editor's note: Cisco introduced LEAP authentication in November 2000. It is an authentication algorithm that leverages the 802.1x authentication framework. 802.11i will provide an alternative to WEP for it will offer new encryption methods and authentication procedures.)

How is Cisco LEAP an improvement over the WEP standard?

In LEAP we have included a number of WEP enhancements like preventing replay attacks, preventing bit-flipping attacks, dynamic per-user, per-session WEP keys, etc. The standard to watch for is IEEE 802.11i, which will provide open standards-based security.

Can the 802.1x standard secure WLANs? In what way?

This is a standard that focuses on port access. Cisco LEAP uses the structure that's defined by 802.1x to provide port access authentication in WLANs. The 802.11i committee for the authentication part is very strongly leaning towards 802.1x as the authentication mechanism for WLANs.

Is it true that hardware based security is better than software solutions?

If you go by what is happening in the industry, the software-based solutions are out of favour with organizations in general and even vendors. At Cisco we believe in an appliance-based solution (Cisco PIX Firewall). Of course, it's software running on a hardware appliance. You need software to manage the firewall. The security implications of having a fixed appliance, which you can't break into, are so much better than a software-only solution.

Hardware based security is certainly proven and most security vendors are looking at hardware-based solutions.

At Cisco we offer hardware appliances (for network security) but also offer customers our IOS-based firewall, so they have the best of both hardware and software for security.

Brian Pereira can be reached at brianp@networkmagazineindia.com

 
     

Copyright 2001: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers. Site managed by BPD