February 3, 2003
By Galen Gruman, editorial director, IT Wireless
A free newsletter to all IT Wireless subscribers.


This issue's sponsors: NowSpeed | eWEEK | CTIA

IN THIS ISSUE:

Note to readers: Some email clients, such as Lotus Notes, do not properly handle links within an email, such as those above to specific stories. If your email client cannot properly use these links, simply scroll down for the stories. Links to Web sites outside this email should work in any email client.

From our sponsors


GET CONTROL OF WIRELESS ENTERPRISE ACCESS

Find out what 10,000 Enterprise users already know. NowSpeed Mobile Office(TM) behind-the-firewall server is a high performance, secure gateway to Microsoft Exchange(TM) for smart phones, mobile devices and Web browsers. It even includes push notification and fast attachment support. Download a FREE copy and automatically enter to win a Handspring Treo(TM).



SPONSORS: NOWSPEED | eWEEK | CTIA

ADVERTISE

PAST ISSUES

PRODUCT DIRECTORY

SUBSCRIPTION CHANGES

NEW SUBSCRIPTIONS

FEATURE STORY

PRODUCT SCAN

MARKET SCAN

FEATURE STORY:
A Guide to Wireless Security

It's clear that security concerns are one of the biggest barriers IT organizations see when they consider whether and how to deploy 802.11 wireless networks in the enterprise. Wireless's biggest advantage -- open access for people that come and go -- is also its biggest security disadvantage. Unmanaged, a wireless access point can be like a unsecured modem, Ethernet jack outside your building, or server accessible over the Internet to anyone. Based on interviews with security vendors such as NTRU and PsionTeklogix, as well as wireless connectivity vendors such as Symbol Technologies and IBM, here are basic issues that IT and networking administrators should consider when addressing security aspects of wireless LANs. "You want to treat all your wireless connections as hostile," says Daniel Lieman, co-founder of wireless security provider NTRU.

The basic advice is to treat your wireless network like an Internet or dial-up connection and use firewalls, virtual private networks (VPNs), authentication, and encryption to secure wireless access as you would access through the Web or dial-up.

Wireless access points and routers -- the entry points into the wireless network and eventually to the enterprise network -- come with at least basic encryption built-in, the 40- and 128-bit Wireless Equivalency Protocol (WEP). At the very least, this should be turned on, since it requires that users' wireless radios use an IT-issued authentication key. For low-security information, WEP is fine. While someone can snoop the wireless network to try to capture the encrypted key, it requires several hours to get enough traffic to analyze what part of the data stream are the keys. (For specific details of how WEP encryption can be broken, see the University of California at Berkeley Web report that revealed the flaws.) For internal company wireless networks, such as in training centers and conference rooms, that don't leak outside the environment, the chances that someone can snoop on that much traffic is very small.

Most of the stories about intruders scanning for wireless access points and then entering people's networks involve access points for which WEP has never been turned on, making them huge security holes. While such unsecured access points are common in people's home wireless LANs, they typically occur in the enterprise only for unauthorized access points installed by end users. If that's a concern, many vendors offer "rogue access point detection" hardware that can find such unauthorized access points. Another WEP weakness is that many employees have the key and could share it, on purpose or accidentally, with outsiders.

For wireless access points in public areas, WEP alone won't do. The Wi-Fi Alliance, a vendor consortium, has developed the Wi-Fi Protected Access protocol (you can download an overview paper in PDF format) to overcome WEP's weaknesses. WPA is an early, pre-release version of the IEEE's 802.11i standard meant to replace WEP. But WPA has two significant deficits: One, it requires that you get all new access points and client radios (some existing products may be flash-upgradable). Two, it won't be available until this spring. Plus, it will be replaced about a year later by 802.11i, so many IT organizations will decide there are too many security changes to support and simply want to delay any wireless deployment until the 802.11i standard is finalized.

Many vendors of enterprise-class wireless access points, routers, and radios offer additional security in their products beyond WEP. Typically, these provide VPN capabilities and perhaps additional encryptions such as Kerberos or FIPS 140-2 (a federal security standard). FIPS specifies the use of a gateway between access points and the LAN and requires a higher level of encryption than WEP. FIPS essentially codifies good security practice that enterprises should have already deployed for Web and dial-up users. The federal National Institutes of Standards and Technology has put together a PDF white paper on wireless security best practices.

Some companies, such as Psio/Teklogix, offer closed-loop wireless LANs that require all clients to use that vendors' equipment and client software -- this minimizes the chances that an unauthorized user could gain access, even if they had the right authentication codes.

The other issue to consider if you set up firewalls is the architecture of your firewall setup, notes NTRU's Lieman. "Do you have one firewall for each access point or a common firewall that separates the access points as a group from the rest of the network?" Both approaches require ongoing, hands-on management, just as would a series of Internet firewalls. Wireless security vendors all come to this point: Securing wireless LANs is essentially the same as securing Internet connections. While there are some wireless-specific issues related to the 802.11 standards, good basic network security practices will overcome most concerns.

From our sponsors


GET 51 ISSUES OF eWEEK FOR FREE!
Did you know that qualified IT professionals can get eWEEK for FREE? eWEEK -- The Enterprise Newsweekly -- is packed with IT news, vendor analysis, reviews and tech evaluations which help keep you informed and make educated IT buying decisions.
eWEEK (formerly PC Week) is an award winning newsweekly brought to you exclusively by Ziff Davis Media. Act now to secure your FREE subscription!

PRODUCT SCAN:
The Latest in Wireless Products and Tech

There were lots of announcements recently of wireless infrastructure, software, and hardware for the enterprise. Among the highlights:

  • The Java Technology for Wireless Initiative, an industry group, has released a road map  for the various proposed and forthcoming technologies meant to help create Java applications on data-enabled phones.
  • Broadbeam has announced an enterprise development platform for mobile applications. The Mobile Solutions System supports both Java and Microsoft development environments and all major wireless networks and devices. It lets IT departments develop mobile applications such as sales force automation, field service automation, work force management and route sales pick-up and delivery. It costs $5,000 to $7,500 per developer seat, based on volume, while client licenses range from $20 to $284.
  • Intermec Technologies has wireless network software for Windows 2000 Server that lets enterprises deploy its handheld devices over multiple wireless frequencies. In addition to device and network management functions, the new Intermec Gateway and and G4000 Server Appliance let legacy Intermec handhelds work on 802.11b networks.
  • AirWave Wireless has updated its wireless LAN management software to support more companies' access points and automate rogue acess point detection.
  • Aruba Wireless Networks plans to ship later this year wireless switching equipment that include mobile firewalls and automatic Wi-Fi calibration to strengthen security and ease deployment.
  • Linksys is offering a $99 booster module that connects to its 802.11b access points and routers. It claims the booster extends their effective range.
  • AvantGo has updated its Pylon software that provides remote Lotus Notes access to Pocket PC and Palm OS handhelds. Pylon 5.1 adds support for the new Palm OS 5 ARM devices, for Domino and Lotus Notes R6, for the iNotes template, for custom repeating meetings and improved handling of repeating meetings, and for more secure Internet password setting.
  • Onset Technology has announced a verion of its Metamessage wireless-access software for the legal industry. The software lets legal professionals access databases and email from Research in Motion BlackBerry and other devices via wireless connections.
  • IBM has hired High Tech Computer to enable select wireless devices, smartphones, and wireless Pocket PCs with a range of IBM middleware and tools, including WebSphere Micro Environment, WebSphere Device Developer and IBM Embedded Via Voice.
  • IBM has also announced IBM Lotus Sametime Everyplace 3, a wireless instant messaging product that supports mobile phones and a wide range of wireless devices, including Pocket PC and Palm devices.
  • Hewlett-Packard plans to release notebooks with built-in support of the three 802.11 wireless LAN standards: a, b, and g.


Got a great product or technology tip? Send it to news@it-wireless.com.

From our sponsors


CTIA WIRELESS 2003
March 17-19 -- Ernest N. Morial Convention Center -- New Orleans, LA
Register Now -- Today, Feb. 3, is the Last Day to Get the Early Bird Discount !

The largest wireless show in the world!
Live Well, Work Smart, Play Hard -- Wireless makes it possible!



MARKET SCAN:

The Latest in the Wireless Marketplace

There's more evidence that wireless LAN adoption will be a big trend this year and next, as enterprises deploy the technology in increasing numbers.

First, Allied Business Intelligence (ABI) issued a report saying that wireless growth will continue to accelerate as multibillion dollar technology and telecommunications companies such as Microsoft, Intel, Dell, AT&T, and IBM enter the wireless LAN industry. These corporations bring their deep financial pockets and millions of potential consumers to the WLAN industry, the report says. "The WLAN industry will continue to experience stellar growth as deployments in several key markets take place," predicts ABI analyst John W. Chang. "These key markets include residential homes, small-medium offices, enterprises, academic campuses, transportation facilities, health care sites, industrial centers, and at the local neighborhood eatery. Additionally, 802.11a, 802.11g, and dual-band protocols are some of the key catalysts that will accelerate the market adoption of WLAN with its higher speeds of up to 54 Mbps." ABI's research also indicates:

  • The wireless LAN industry will generate $1.67 billion in total revenue through the end of 2003.
  • Dual-band equipment will comprise 53% of the total wireless LAN equipment revenue by 2005.
  • Total wireless LAN nodes shipped will grow from 23.4 million in 2003 to 64.0 million in 2008, as these tech companies continue to spur the adoption of wireless LANs.

Second, International Network Services issued a new report that found that wireless LANs will become a key component of many companies' network infrastructures in 2003. The report's findings include:

  • Within 12 months, more than 90% of network organizations will view implementing or improving wireless LANs as important to their IT strategies.
  • Three goals drive the vast majority of wireless LAN strategies: improving roaming capabilities, lowering network costs, and speeding up network deployments.
  • The top barriers to improving wireless LAN capabilities are subpar security, high cost of commercial-grade products (which makes cost justification more difficult), and the immaturity of the technology.
  • Most wireless LANs will be implemented within a single office building, but within the next year, interconnecting office buildings and a campus environment will become much more common.

And finally, the Yankee Group predicts that more than 50% of large U.S. enterprises will plan to implement a mobile/wireless solution in 2003.


This issue's sponsors: NowSpeed | eWEEK | CTIA
For advertising information, contact Manny Sawit at (510) 583-0855 or msawit@it-wireless.com


From IT Wireless


Tell a Friend!
Forward them this newsletter
Get Expert Information on Wireless Networking

As an IT professional, you know that wireless technologies such as 802.11 promise to provide significant benefits to your organization. Before you go full steam ahead, you need answers to your critical concerns about wireless LANs. Questions concerning security, compatibility and best practices, to name just a few. The IT Wireless Insider email newsletter is now here to help you figure it all out. And coming later this year, IT Wireless magazine!

Get your FREE subscription to the email IT Wireless Insider newsletter today and to IT Wireless magazine when it debuts!



Copyright 2003 EmergeMedia Inc. All rights reserved. This email newsletter may be forwarded in whole via email. Other copying, whether in whole or in part, via electronic or print means, is prohibited without prior written permission of EmergeMedia.

Subscription and account changes:
  This newsletter is sent to all subscribers to the IT Wireless Insider newsletter and IT Wireless magazine; subscribers provided their email address at the time they requested the publications at our Web site and received a confirmation of their subscription at that time. Click here to change subscription information.