When it comes to implementing wireless LANs, security and
interference have been major concerns. Bernard Trudel,
Marketing Manager-VPN & Security, Cisco Systems, talks
about emerging security standards and how to counter
interference.

By Brian Pereira

What are the challenges faced by developing countries like
India when implementing wireless networks?

I see WLANs (Wireless LANs) as a nice solution for developing
countries. It can be deployed in areas where they might
not have infrastructure. It allows them to provide high
bandwidth solutions while infrastructure is being developed.
Take Mumbai for instance. There's 500 km of dug-up trenches
to put in infrastructure. With WLANs you can put in
pockets of access, which you wouldn't be able to do
as you wait for infrastructure (terrestrial links) to
be set up.

I haven't seen any other specific challenges for wireless
LANs in developing countries. The security issues are
the same here as anywhere in the world. Maybe the hackers
here don't have access to as many tools as they do in
other countries, so you are even more secure.

The other area that could possibly be a concern is interference.
If the regulations aren't in place to limit the amount
of transmissions done, for 802.11b in the 2.4 GHz spectrum
for example, then you'll face challenges in getting
reliable wireless LANs to work.

Since 802.11b WLANs share the same spectrum as appliances
like cordless phones and remotely operated garage doors,
these devices are bound to interfere with wireless transmissions.
How can this problem be resolved?

The long-range access tends to be a direct signal so it's
less susceptible to direct interference. But from a
local point of view, there could be some issues of interference
from cordless and mobile phones. We see that in the
US as these devices use the same spectrum. It's a matter
of identifying devices that could potentially cause
interference and then positioning your access points
away from these.

WLANs use DSSS (Direct-Sequence Spread Spectrum) transmission
technology, which has built-in mechanisms to counter
interference. So the technology minimizes the disturbance
due to interference.

There has been much concern about the security of WLANs. Analysts
have pointed out weaknesses in WEP (Wired Equivalent
Privacy), prompting some organizations to shy away from,
or suspend usage of WLAN. So what other solutions/standards
are available for securing WLANs?

The answer is two-fold. Organizations can use a Cisco
solution called LEAP. It addresses all the security
vulnerabilities (in WEP). LEAP forms the basis of a
future standard called 802.11i. The framework of LEAP
is being used to develop 802.11i.

(Editor's note: Cisco introduced LEAP authentication
in November 2000. It is an authentication algorithm
that leverages the 802.1x authentication framework.
802.11i will provide an alternative to WEP for it will
offer new encryption methods and authentication procedures.)

How is Cisco LEAP an improvement over the WEP standard?

In LEAP we have included a number of WEP enhancements
like preventing replay attacks, preventing bit-flipping
attacks, dynamic per-user, per-session WEP keys, etc.
The standard to watch for is IEEE 802.11i which will
provide open standards-based security.

Can the 802.1x standard secure WLANs? In what way?

This is a standard that focuses on port access. Cisco
LEAP uses the structure that's defined by 802.1x to
provide port access authentication in WLANs. The 802.11i
committee for the authentication part is very strongly
leaning towards 802.1x as the authentication mechanism
for WLANs.

Is it true that hardware-based security is better than
software solutions?

If you go by what is happening in the industry, the
software-based solutions are out of favour with organizations
in general and even vendors. At Cisco we believe in
an appliance-based solution (Cisco PIX Firewall). Of
course, it's software running on a hardware appliance.
You need software to manage the firewall. The security
implications of having a fixed appliance, which you
can't break into, are so much better than a software-only
solution.

Hardware-based security is certainly proven and most
security vendors are looking at hardware-based solutions.
At Cisco we offer hardware appliances (for network security)
but also offer customers our IOS-based firewall, so
they have the best of both hardware and software for
security.

Brian Pereira can be reached at brianp@networkmagazineindia.com