Packet-level encryption and a protocol for the transport layer tunnel can boost security

Say you've taken all 11 steps the GCN Lab recommends to avoid falling victim to wireless hijackers.

You're still vulnerable to a steadfast, determined attacker with the most advanced hardware and software'for example, a wireless monitoring tool like the one from Air-Defense of Alpharetta, Ga. A serious hacker will work hard to gain a view of your network and all its vulnerabilities.

And it won't be easy for you to spot such an intruder either. Wireless monitoring devices generally don't emit signals, they just receive them.

Horrifying? Not necessarily. The newest security technologies aim to secure wireless transactions at the packet level.

For starters, there's a new set of encryption rules to replace the weak Wired Equivalent Privacy protocol. The Temporal Key Integrity Protocol (TKIP) encrypts every transaction at the packet level and also encrypts each packet with a one-time rotating key. That much security would be incredibly difficult to breach.

Jeff Platon, senior director of product marketing and security for Cisco Systems Inc. of San Jose, Calif., described TKIP as overkill erring on the side of caution.

TKIP, being fairly new, works only with newer wireless access points and clients and is server-based unlike WEP, which doesn't require a dedicated machine.

Another new measure, the Protected Extensible Authentication Protocol (PEAP), secures a wireless transaction over a transport layer tunnel. It checks up on the wireless client through the remote authentication dial-in user service and validates the client using a password, certificate or token transmitted by the RADIUS server.

According to Platon, PEAP, like TKIP, should be strong enough to keep wireless administrators from losing sleep over the security of wireless networks.

Platon also predicts a shift in which wireless networks will require clients to authenticate themselves rather than relying on the networks to do the authentication

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above