Search This Blog

Monday, July 02, 2007

Wi-Fi phone security status

Network World

Wireless in the Enterprise




Network World's Wireless in the Enterprise Newsletter, 07/02/07

Wi-Fi phone security status

By Joanie Wexler

Wi-Fi phones are still awaiting the Wi-Fi fast-roaming standard, 802.11r, to allow them to catch up to the enterprise-class security capabilities of data devices.

802.11r was once anticipated for completion in late 2006, but we’re now looking at spring 2008 for final IEEE 802.11 Task Group R final board approval.

802.11r aims to minimize the interaction between Wi-Fi access points and backend RADIUS authentication servers by standardizing how some client credentials are cached in an AP. RADIUS authentication is required for 802.11i Wi-Fi Protected Access 2-Enterprise Mode (WPA2-EM) security, and WPA2-EM requires client re-authentication by the centralized server every time an AP handoff occurs.

Ease Application Performance Headaches

Four real-world case studies show you how network IT executives are improving performance in Network World's latest Executive Guide, "Perfecting App Performance Management." Also, discover tips, trends and expert advice on how you can take advantage of new technologies to stay ahead of performance problems.

Click here to find out more.

The idea behind 802.11r is to speed up the handoff of a user client device and associated credentials from one AP to another when the user roams or the client re-associates with a new AP for other reasons. Today’s WPA2-EM re-authentication times can inject too much delay into the handoff process for voice to tolerate, notes Ben Guderian, a vice president at Polycom/SpectraLink, a veteran in wireless telephony for businesses.

Once 802.11r is ratified and supported in handsets and APs, WPA2-EM, which uses the 802.1x security framework, should theoretically work in Vo-Fi deployments.

In the interim, some Wi-Fi companies, such as Cisco, support proprietary fast-roaming capabilities. And most Vo-Fi-capable handsets support WPA2-Personal Mode, also called Pre-Shared Key (PSK) mode. WPA2-PSK affords pretty strong security, but requires some tradeoffs for usability. Its main foible is that it shares a single passkey among all APs in the Wi-Fi network, so a compromise in the passkey would threaten the entire network.

The good news is that, unlike earlier 802.11 security versions, the key isn’t sent over the air, and it is not discoverable by backing out of the data transmitted, says Guderian.

“The biggest risk is that an administrator puts the passkey on a Post-It note and someone reads it,” he says.


  What do you think?
Post a comment on this newsletter

TODAY'S MOST-READ STORIES:

1. Withdrawn Black Hat paper hints at security flaws
2. 3Com to spin out TippingPoint
3. Gartner to IT: Avoid Apple's iPhone
4. Lawyers show how to avoid hiring an American
5. The $2.3M home lab of Quadruple CCIE
6. The most-hyped tech products of all time
7. CIOs leery of iPhone
8. Giving an interview gets a guy fired
9. Parallel system 100X faster than PCs
10. Microsoft security group on 'worst jobs' list

MOST-DOWNLOADED PODCAST:
Network World 360: Operation Bot Roast, search engine roulette and more


Contact the author:

Joanie Wexler is an independent networking technology writer/editor in California's Silicon Valley who has spent most of her career analyzing trends and news in the computer networking industry. She welcomes your comments on the articles published in this newsletter, as well as your ideas for future article topics. Reach her at joanie@jwexler.com.



ARCHIVE

Archive of the Wireless in the Enterprise Newsletter.


BONUS FEATURE

IT PRODUCT RESEARCH AT YOUR FINGERTIPS

Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details.


PRINT SUBSCRIPTIONS AVAILABLE
You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today.

International subscribers, click here.


SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here.

This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription.


Advertising information: Write to Associate Publisher Online Susan Cardoza

Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007

No comments: