Security holes limit government use of wireless nets

Protocol used for 802.11b standard is not strong enough for information at 'official use only' security status, expert says

Wireless networks are fast to set up and flexible enough to let workers roam through an office or campus.

But 'you would not want to trust anything sensitive to today's 802.11b' wireless LAN standard, said Maj. David A. Nash, an electrical engineering and computer sciences instructor for the U.S. Military Academy at West Point.

The Army has a moratorium on wireless LAN use, said Lt. Col. Daniel Ragsdale, director of the department's information technology and operations center.

'They're flushing out a lot of security issues,' Ragsdale said.

Ragsdale and Nash attended sessions on wireless LAN security at the recent Black Hat Briefings in Las Vegas.

Although improved standards are on the way, current wireless security is inadequate and does not scale well, said Mandy Andress, president of ArcSec Technologies Inc. of Dublin, Calif.

The IEEE 802.11b Ethernet standard operates in the 2.4-GHz band at data rates up to 11 Mbps. Products for the forthcoming 802.11a, which delivers up to 54 Mbps in the 5-GHz band, should be available late this year.

A more secure version of the standard is under development that will provide key management and 128-bit Advanced Encryption Standard encryption. But for now, methods to control wireless LAN access and prevent eavesdropping are not completely secure.

Access can be defined by a device's media access control layer address, but such addresses are easy to discover and spoof, and managing the lists is difficult for large networks, Andress said.

Virtual private networks cut down wireless mobility by requiring users to authenticate themselves when roaming from one server to another. And small VPNs are not cost-efficient.

Tie it tighter

An open-source program called SLAN, for Secure LAN, available at, works like a VPN but is simpler, Andress said, and not very scalable.

Wired Equivalent Privacy, a wireless security protocol, does not use strong enough encryption and is vulnerable to attack. All users of a particular access point share the same encryption key, which is a serious weakness.

'WEP is a fundamental vulnerability' on 802.11b networks, Nash said. Not until its weaknesses are repaired will wireless networks be suitable for classified, sensitive or even official-use-only information, he said.

Despite weaknesses, Ragsdale said, wireless networking does have a role in noncritical environments, such as at the military academy.

But until more security is built into standards-compliant products, government agencies should be wary of putting their LANs on the air, he said.

About the Author

William Jackson is a Maryland-based freelance writer.

