By Baselinemag | Posted 2003-11-01
Wireless local-area networks are notoriously insecure. But that's not stopping companies from cobbling together technologies.
Many see Wi-Fi—and the new applications it enables—leading to tangible payback. Clerks at stores owned by Orlando, Fla.-based beverage retailer ABC Fine Wines & Spirits, for example, save about five hours per week now that they scan incoming inventory and place resupply orders using Palm handheld devices and a Symbol wireless network instead of paper and fax. Multiply that time savings by 150 stores, and you're talking big bucks, says Guy Ledbetter, ABC's help desk manager.
Business furniture maker Steelcase is testing phones that work over the Wi-Fi network covering public areas on the company's Grand Rapids, Mich., campus, says information-services director Bob Krestakos. Once in use, the Internet Protocol phones will take a big bite out of Steelcase's corporate cell-phone bill, up to 30% of which represents calls made within the Steelcase headquarters.
Some organizations use the 802.1x approach for wireless authentication and encryption, even though there are multiple implementations of the young standard. That inconsistency means it's difficult to make wireless access points and wireless devices from different vendors work securely together.
CareGroup's Halamka, for example, uses Cisco's LEAP to secure his wireless network, but only because doctors and other hospital personnel use company-supplied laptops equipped with LEAP-compatible network cards and software.
That won't work for providing wireless Internet access to hospital visitors who bring along their own laptops. For them, Halamka plans a different tack: install a wireless-security gateway that can authenticate visitors with any kind of laptop. The gateways can also be used for some wireless-management functions such as automatically controlling how much Wi-Fi bandwidth is parceled out. Such gateway products are not inexpensive. Enterprise versions of Bluesocket gateways, for example, capable of supporting 100 users, start at $6,000 and go up to $13,000 for a 400-user version.
With mixed results, some organizations are tinkering with wired security technologies for the wireless world. Last March, at the University of Massachusetts at Amherst, network analyst Christopher Misra extended an existing virtual private network to cover a new Cisco wireless network. Because it was already installed, staff knew how to manage it. And the private network offers strong encryption via the Internet security protocol that uses public keys.
But that approach also caused complications—it requires users to have specific software installed. While most Windows laptops come with virtual private network software built in, the same is not true of many handheld devices or Macs. Also, such virtual connections aren't designed for mobile applications, and connections often get dropped as wireless users roam between access points. Misra is now considering augmenting the approach with Bluesocket's Wi-Fi security gateway.
One thing that Misra and other technology managers are not considering, however, is backing away from wireless until security standards become more solid. "People are used to wireless now and expect it," says Steelcase's Krestakos, who supports more than 1,000 Wi-Fi users today. "It's improved [teamwork] and collaboration. The benefits outweigh the risks."