Wi-Fi security still spotty

In addition to being faster than their predecessors, new Wi-Fi-certified 802.11g wireless products promise better protection from snoops, thanks to Wi-Fi Protected Access (WPA) encryption technology. But even though the WPA standard was introduced about a year ago, some 802.11g products may not support it.

The good news: In our informal tests with a half dozen Wi-Fi access points and 14 internal and external adapters, WPA worked on all products certified for interoperability by the Wi-Fi Alliance industry group. Also, a Windows XP patch that Microsoft Corp. issued last fall can fix some incompatibilities. The bad news: Certification is far from universal, especially in certain Wi-Fi product categories; some uncertified products had problems; and it’s not always easy to tell what offerings (and technologies) have been certified.

Certified trouble

The worst offender in improperly representing certification was Microsoft. Its MN-700 access point/router displays the Wi-Fi Alliance’s certification label for WPA prominently on the box, but the device failed to establish a WPA connection with any of six 802.11g wireless PC Cards — including Microsoft’s own MN-720 model — and with six of eight tested notebooks using integrated 11g wireless. Not all of these notebooks and cards were certified for WPA, but all connected with several other WPA-enabled routers.

Wi-Fi Alliance representatives say the Alliance certified the MN-700 for the 802.11b and 802.11g standards with security turned off. Spokesperson Brian Grimm says the Alliance will contact Microsoft about updating its labeling.

Microsoft announced in May that it was leaving the wireless networking business, but it intends to continue supporting its products. A spokesperson says that the company plans to issue a patch enabling WPA in July, although throughput will drop to about 7Mbps — well below the minimum 12 to 14Mbps that industry experts estimate users should expect with devices that have WPA enabled.

The Wi-Fi Alliance accurately reported Microsoft’s certifications in the product database on its Web site. The database is a good resource to consult before you buy, although we did find some instances where items appeared in the wrong category. For example, D-Link Systems Inc.’s DWL-G650 PC Card appeared on the list of internal cards, not external cards as it should have.

Don’t assume WPA

Technically, WPA is not part of the 802.11g standard, but in September 2003 the Wi-Fi Alliance began making WPA support a requirement for most products to pass 11g certification tests.

But 802.11g certification is no guarantee of WPA compliance. That’s because products submitted for testing before last September — including the Microsoft MN-700 — were exempt from the Wi-Fi Alliance’s WPA requirement.

Other name-brand Wi-Fi products we tested were also certified for 802.11g but not WPA. Still, most managed to work together with WPA enabled. The only exception, besides the Microsoft MN-700, was IOGear Inc.’s GWA 501 access point/router, which is not Wi-Fi-certified for anything. It did establish WPA connections with four cards and three notebooks; but it failed with two other cards and five other notebooks we tested, including two using the Wi-Fi chip in Intel Corp.’s Centrino mobile technology.

How important is Wi-Fi certification? Corporate IT departments generally demand it, but it appears to be less important to small businesses and to home users. So some vendors, such as IOGear, skip certification altogether, while others begin selling a product before it has been certified, assuming that it will pass later on. Netgear’s new WGT634U Wireless Media Router, for example, has been on the market since April but was still awaiting certification at press time. The Wi-Fi Alliance, however, says that about one in four products fail the test on their first attempt, mostly because of WPA glitches.

Regardless of the equipment you have, you can increase its chances of working with other products by installing the manufacturer’s latest drivers and firmware and Microsoft’s latest updates. The original Windows XP update adding WPA capabilities had bugs that sometimes killed connections. Go to this link for the fix.

WPA-certified products may be hard to find in certain categories. That’s because WPA wasn’t required for 802.11a products — including 11a/11g combos — until October of last year — and even then it was required only for basic equipment such as access points, access point/routers, notebook and desktop cards, and notebooks with built-in wireless.

For devices such as media receivers, printers, print servers, PDAs, and ethernet-to-wireless bridges, WPA wasn’t required for Wi-Fi certification until late January 2004. Few current devices support WPA, certified or otherwise, though most do offer Wired Equivalent Privacy (WEP), its weaker predecessor. A few access points, such as those from SMC, can support both WPA and WEP clients simultaneously. But in that case, a hacker could access the network by cracking the weaker WEP encryption. And if your access point doesn’t support both encryption schemes simultaneously, you’ll have to use WEP unless all of your equipment supports WPA.

Bottom line: WPA provides strong security for wireless networks, but be sure that you buy the latest Wi-Fi-certified products to avoid incompatibilities. Products on the Wi-Fi Alliance’s certified list are the safest; contact the vendor if you’re in doubt. And be prepared to wait anywhere from several months to as long as a year for specialty equipment with WPA certification to become widely available.

Stronger security, streaming media standards coming

While WPA implementation stumbles along, a newer version of the technology is already on the way. It’s called WPA2, and its main selling point is stronger encryption using the Advanced Encryption Standard, which the federal government requires for handling its sensitive information. WPA2’s use of AES will appeal to companies with ultrastrict security requirements. But for most firms, the current WPA’s respected RC4 encryption should be good enough.

WPA2 is the Wi-Fi Alliance’s marketing name for the IEEE’s 802.11i wireless security standard, which was scheduled for ratification in June. The original WPA was a response to the huge demand for better Wi-Fi security than the easily crackable WEP encryption of the first Wi-Fi products. Certification for WPA2 products, which require an additional co-processor that many WPA products don’t have, is due to commence in September.

The same two-step rollout will apply to the 802.11e standard for quality of service (QoS), which aims to help multimedia data move smoothly through the network so that streaming audio and video don’t skip or stutter. Wi-Fi-enabled cell phones and streaming multimedia players are among the likely users of the technology.

The first part of 802.11e, called Wireless Multimedia Extensions, allows Wi-Fi equipment to recognize priority tags placed on data packets. Programs that create the data can attach high-priority labels to it. Few applications currently can do this, but RealNetworks Inc. says that it will add the capability shortly after the specification is ratified, and Microsoft says that it’s looking into doing the same thing. Apple Computer Inc. declined to comment. The Wi-Fi Alliance also expects to begin WME certification testing in September; and WME-certified products, such as media receivers, should start to appear before the end of the year.

The full 802.11e specification will support WME but will also include alternative QoS technology called Wireless Scheduled Multimedia. The IEEE expects to finalize the standard by year’s end, with the first 802.11e products anticipated in 2005.

Related Download
CanadianCIO Census 2016 Mapping Out the Innovation Agenda Sponsor: Cogeco Peer 1
CanadianCIO Census 2016 Mapping Out the Innovation Agenda
The CanadianCIO 2016 census will help you answer those questions and more. Based on detailed survey results from more than 100 senior technology leaders, the new report offers insights on issues ranging from stature and spend to challenges and the opportunities ahead.
Register Now