Wireless access security scheme gets tryout
- By William Jackson
- Jul 29, 2004
LAS VEGAS - Paul Wouter of Xelerance Corp. of Canada is a fan of IPsec. The company maintains and develops Openswan, the Linux IPsec implementation, and he thinks IPsec should be the default tool for wireless connections.
Wouter used the Black Hat Briefings this week to test a prototype IPsec wireless authentication scheme called WaveSEC for Windows clients.
The computer security conference provides wireless network connections for its attendees, but the security-conscious crowd is leery of the notorious shortcomings of the 802.11 family of wireless LANs. Instructions for using the conference's network carry the warning, 'surf at your own risk.'
But this year's conference is using a WaveSEC overlay on the network and the CD of proceedings includes an X.509 digital certificate that lets users help work the bugs out of the tool.
'It's not magic,' Wouter said. 'It is not host-to-host encryption. It just encrypts the wireless.'
The WaveSEC prototype is loaded on a separate server and uses X.509 certificates or an access point 'fingerprint' to authenticate users on the system. Wouter said the next step in WaveSEC development is to incorporate it on a commercial Linksys access point, which uses Linux.
But tests at an earlier Black Hat conference in Europe demonstrated a number of problems that need to be solved before it is ready for commercialization. For instance, the IPsec-off function does not always work on a notebook computer when it is shut down.
'You could lose all connectivity with your laptop' when it is restarted if Windows re-installs the IPsec policies, Wouter said.
Like the instructions say, 'surf at your own risk.'
William Jackson is a Maryland-based freelance writer.