WLAN security steps up

A pair of recent studies on the Canadian wireless LAN market reveal that Canadian enterprises are eager to break free of their wireline bonds.

One major factor in the growing popularity of wireless LANs is improving security schemes.

“Security is still a big barrier,” says Warren Chaisatien, an analyst with market research firm IDC Canada Ltd. in Toronto. “But I think in the last 12 months or so the vendor community has done a good job of quelling the enterprise security concerns.”

A study from IDC Canada forecast that wireless LAN equipment revenue would grow by almost 20 per cent this year to 82.9 million, mirroring the results of a study from telecom consultancy the Seaboard Group, which predicted revenue from Canadian WiFi hardware and integration services would grow from $100 million in 2002 to nearly $200 million in 2003.

Evolving security standards are giving enterprise customers more confidence in deploying wireless LANs internally, according to wireless LAN equipment vendors.

Organizations looking at deploying a wireless LAN have a couple of options for security.

The first is to simply extend a virtual private network (VPN) to users on the wireless LAN by installing VPN software on wirelessly-enabled laptops. The main drawback of this option is that VPNs create a lot of network overhead and can only be used on a relatively small scale, noted Shawn Winter, senior associate director with Bell Canada.

Also, if an enterprise doesn’t already have a VPN in place, installing a system from scratch can be time-consuming and expensive.

However, VPNs can work.

McGill University in Montreal relies on VPN gear from Colubris Networks to secure its campus wireless network.

Students authenticate themselves on the network using McGill’s existing RADIUS server. When students register for the first time, Colubris’s CN3500 Access Controller lets them download the required VPN software merely by clicking a Web link.

The second security option is to use features wireless LAN vendors build into their access points.

There are two components to inherent WLAN security – authentication and encryption. Each has its own standard and each is still a work in progress.

WLAN encryption got a boost with the recently released Wi-Fi Protected Access (WPA) standard from the Wi-Fi Alliance.

WPA replaces Wired Equivalent Privacy (WEP), which was criticised for being too easy to hack. WPA, however, is only an interim standard, which will ultimately be replaced by the 802.11i standard from the IEEE, due out sometime next year. Wireless vendors say that WPA, which uses parts of the 802.11i standard, will be compatible with 802.11i once the new standard is released.

Authentication on a WLAN is covered by the 802.1x standard, which is part of WPA and 802.11i. Like WPA, though, 802.1x is an evolving standard. 802.1x relies on the Extensible Authentication Protocol (EAP) and there are five different EAP versions.

The University of British Columbia currently secures its network by allowing students to download VPN software. But ultimately the school plans to use 802.1x and WPA to secure on-campus connections, while encouraging mobile users connecting over unsecured hotspots off-campus to use the VPNs.

Despite the improved security, wireless LAN vendors aren’t expecting the market to explode.

“We’re not going to see enterprise sales jump through the roof just because this stuff is available,” said Brent Nixon, wireless product line manager with 3Com. “It’s going to take time.”

In general, users are more confident in wireless security, noted Chris Bazinet, national manager of product and technology services with Cisco Systems Canada.

“But every time there’s a piece in the paper about a wireless security weakness, you get an e-mail asking if Cisco is protected from a particular hack,” he said. “The answer is usually yes, if you have the proper security implemented on the network.”

– With files from IDG News Service