Better 802.11 Security

If you've delayed setting up a wireless network because of security concerns, help is at hand. Around the time you read this, improved security technology for all variants of 802.11 should be available as free firmware downloads from most equipment vendors.

The new technology--known as Wi-Fi Protected Access (WPA)--replaces the existing and largely discredited Wired Equivalent Privacy (WEP) security algorithm that is part of the 802.11a, 802.11b, and 802.11g standards. WEP became an obstacle to widespread business adoption of Wi-Fi when security experts showed that hackers equipped with off-the-shelf tools could easily break it. The relatively robust WPA supports user authentication by a dedicated server on a corporate network, while being versatile enough to work well on simple home and small-office networks.

The Institute of Electrical and Electronics Engineers, which develops 802.11 and other technical standards, was already working on 802.11i, a version with improved security. But that standard probably won't be implemented for a year or more, and it may require hardware upgrades. So the Wi-Fi Alliance--the trade group that certifies the interoperability of its members' products--decided to step in with interim technology that works with existing hardware.

WPA is actually a subset of 802.11i's components. It uses Temporal Key Interchange Protocol (TKIP), a more secure encryption-key technology than WEP's RC4. When ready, 802.11i will incorporate an even stronger hardware-based encryption technology called Advanced Encryption Standard (AES).

If you'd like to beef up the security of your existing Wi-Fi network, check your equipment vendor's site for a WPA firmware download. Make sure upgrades are available for all of your equipment: Some routers may work with WEP clients after the upgrade, but many probably will not. Vendors may not offer WPA software for all older products, but if your vendor does, you should use it. Among other things, this will prepare you for expansion: All new Wi-Fi products certified from September on will have WPA (instead of WEP) built in.