IPSec VPNs, WPA and 802.11i Go take an EAP Encryption that grows on you Security choices Rogue responsibility

Wireless LANs have been billed as the great security wasteland. But thanks to the 802.11b Wi-Fi community's frenetic activity in the last year, an abundance of good security choices now exist, with more on the way.

Wi-Fi security efforts have focused on encryption and authentication, with users essentially getting two choices for locking down WLANs. They can use IP Security (IPSec)-based VPNs or build security architectures around pending Wi-Fi-specific security standards. Within the Wi-Fi standards are more choices.

With such options, corporate users can secure any WLAN, even for sensitive data. "Don't wait for the Holy Grail, or you'll lose an opportunity to invest in an architecture that could be of tremendous benefit," says O.J. Wolanyk, CIO for Memorial Health System in Springfield, Ill.

Wolanyk is overseeing a $30 million, three-year project that will let doctors carry patient data on portable devices while making their rounds, connecting to patient medical records and research sites via an 802.11b network. He relies on an IPSec VPN created by ReefEdge's Wi-Fi authentication server to protect network access while providing Triple-DES encryption.

Wolanyk and other early adopters tell peers not to be scared off by ongoing work on Wi-Fi security standards. Within the next year or so, standards will be final, standards-compliant products will be shipping, and de facto winners of competing underlying security technology will have emerged. Upgrading existing equipment and tossing out the old is typical in the Wi-Fi world users point out.

After all, security isn't the only part of Wi-Fi that could make the access points and client-side antenna network cards obsolete. Speed also is an issue, with the migration from 11M bit/sec with 802.11b to 54M bit/sec with 802.11a or 802.11g, says Thomas Gaylord, CIO of the University of Akron in Ohio. His approach is to go with one vendor, Cisco, for all access points and to rely on Cisco's assurances of future compatibility. He has begun to mix in faster, more secure Aironet 1200 access points (capable of being upgraded to 802.11a, 802.11g and the emerging Wi-Fi security standards) with older Aironet 340 and 350 models. As to the wireless clients, he will rely on a future feature that would autodetect software/firmware versions and upgrade to new versions if necessary, he says.

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports