Wireless in the Enterprise
Network World's Wireless in the Enterprise Newsletter, 07/02/07

Wi-Fi phone security status
By Joanie Wexler

Wi-Fi phones are still awaiting the Wi-Fi fast-roaming standard, 802.11r, to allow them to catch up to the enterprise-class security capabilities of data devices. 802.11r was once anticipated for completion in late 2006, but we’re now looking at spring 2008 for final IEEE 802.11 Task Group R board approval.

802.11r aims to minimize the interaction between Wi-Fi access points and backend RADIUS authentication servers by standardizing how some client credentials are cached in an AP. RADIUS authentication is required for 802.11i Wi-Fi Protected Access 2-Enterprise Mode (WPA2-EM) security, and WPA2-EM requires client re-authentication by the centralized server every time an AP handoff occurs.

The idea behind 802.11r is to speed up the handoff of a user client device and associated credentials from one AP to another when the user roams or the client re-associates with a new AP for other reasons. Today’s WPA2-EM re-authentication times can inject too much delay into the handoff process for voice to tolerate, notes Ben Guderian, a vice president at Polycom/SpectraLink, a veteran in wireless telephony for businesses. Once 802.11r is ratified and supported in handsets and APs, WPA2-EM, which uses the 802.1x security framework, should theoretically work in Vo-Fi deployments.

In the interim, some Wi-Fi companies, such as Cisco, support proprietary fast-roaming capabilities. And most Vo-Fi-capable handsets support WPA2-Personal Mode, also called Pre-Shared Key (PSK) mode.

WPA2-PSK affords pretty strong security, but requires some tradeoffs for usability. Its main foible is that it shares a single passkey among all APs in the Wi-Fi network, so a compromise in the passkey would threaten the entire network. The good news is that, unlike earlier 802.11 security versions, the key isn’t sent over the air, and it is not discoverable by backing out of the data transmitted, says Guderian. “The biggest risk is that an administrator puts the passkey on a Post-It note and someone reads it,” he says.

Contact the author: Joanie Wexler is an independent networking technology writer/editor in California's Silicon Valley who has spent most of her career analyzing trends and news in the computer networking industry. She welcomes your comments on the articles published in this newsletter, as well as your ideas for future article topics. Reach her at joanie@jwexler.com.

Copyright Network World, Inc., 2007