Time to end the Wi-Fi security obsession

Ask most corporate networking managers why they have yet to implement wireless and they are likely to mention security. This would be fair if it were a new technology, but this is not the case anymore. Moreover, managers who continue to obsess about wireless security above all else, could leave themselves vulnerable in other areas.

Admittedly the industry’s first attempt at wireless was poor. It lacked both bandwidth and range, and had easily cracked WEP encryption tacked on. Those days, however, are long gone. Now more man hours are spent on improving security than any other aspect of wireless technology. Today’s wireless users are likely to be far better protected than any others on the corporate LAN.

And on the face of it, that is exactly what you want: secure wireless access that only allows authorised users onto your network and which scrambles the Wi-Fi data as it is transmitted. But what about all the other users, with wired desktops ­ do you know as much about their use and can you be as confident of their security? Probably not. It is still unusual for firms to use anything beyond basic passwords to authenticate users or put tools into place to control what they can do once they are in.

If users are really concerned about security, they need to look at the end-to-end protection of the network as a whole rather than concentrate on wireless.
There are lots of things worth considering, especially user authentication. In fact, I would give up on just using passwords in favour of more secure two- or even three-factor technologies using smartcards and biometrics. These are readily available and straightforward to implement. When deployed properly, support burdens can be significantly reduced.

Next I would look at what users are allowed to do on the network once authenticated. Enforce security policies and lock down devices such as CD/DVD writers and USB storage devices, which are a potent security threat. Tools to limit access to such devices are readily available, but in their absence you can at least make sure this hardware is only provided where absolutely necessary.

Of course, I’d still be concerned with wireless security, but the latest technologies provide a high level of protection and those worries should not get in the way of progress. Wi-Fi is set to become a key part of the corporate networking infrastructure. With the 802.11n standard almost ratified, corporate acceptance cannot be far off. It’s a wise manager who starts planning for its adoption as part of a wider view of network development.