The Delicate Balance of Wireless Security

In the Home

Home networks aren't vulnerable because people don't care about security. Most of us have experienced the frustrations of viruses and spyware, and we're inundated by media reports about war-driving, like the one featuring one of my university colleagues demonstrating a parking lot attack on a network at City Hall. No, the real problem is that products are just too hard to use.

But things are improving. Chipmakers such as Broadcom and Atheros have invested significant resources to pave the way for easy-to-use WPA (Wi-Fi Protected Access) security services aimed at home users. Initial efforts to meet these needs were ill-conceived, often tying users to clients and APs built on the same chipset, but new offerings provide more flexibility. However, chipmakers can do only so much. Better support is required in the client OSs themselves, so Microsoft and Apple must do their part. And looking beyond today's home wireless model, which is PC-centric, vendors must figure out how to secure all those wireless VoIP telephones, televisions and audio systems as well. With an increasing number of people working from home, these residential wireless problems often fall into the lap of enterprise IT.

At Work

Enterprise network architects face even more serious security challenges integrating wireless into production LANs--not only in selecting the appropriate hardware and software, but also in defining effective policies and making services accessible to users. Too often, wireless security policies are designed to create the illusion of security. The front door may be equipped with the latest superstrength deadbolts, but the windows are left unlocked.I've seen more than one network manager take a hard line on wireless security while letting more significant network vulnerabilities go unaddressed, often because they weren't as visible. In these environments, wireless security is a no-compromise issue, the consequence of which is a search for the perfect, risk-free solution--one that doesn't, and may never, exist. That approach often leads to rogue departmental deployments that provide an even greater vulnerability. Stamping them out is as painful as it is expensive.

Wireless security demands careful juggling of technology, risk assessment and politics, and it demands more effective industry solutions. The standards are here. Now it's time to address implementation. While we do so, let's not ignore new challenges, including the provision of wireless guest access, that force us to re-examine the delicate balance between risk and responsiveness. Nobody is advocating unfettered access, but any solution that fails to focus on user needs is destined to fail, in the home or at work.

Dave Molta is Network Computing's senior technology editor. Write to him at [email protected]