Wi-Fi Alliance—Defending against Security Challenges
The growing adoption of WLAN, or Wi-Fi, may pose new security
challenges. Wireless LAN networks have been found prone to unauthorized access,
breaking of encryption and loss of data integrity. And excepting some of the
well-known vendors of WLAN products and solutions, most vendors do not use any
accepted security standards. There are inherent weaknesses in Wireless
Encryption Protocol (WEP) as defined by IEEE 802.11b, the standard for wireless
LANs, and these weaknesses exist regardless of the length of the encryption key
used. The weakness of most wireless LANs is their use of static WEP keys shared
among users. However, users can now look forward to enhanced wireless security
solutions that offer more sophisticated key management techniques and dynamic
encryption keys. There are a number of other technologies that are deployed to
provide security. These include the use of tunnelling technology and strong
encryption (128-bit and above), layer 2 security through the use of access control
lists to prevent unauthorized people from accessing the network and
authentication mechanisms (for example RADIUS), to verify the identity of the
person before providing access. However, things are changing on the security
front.
Very recently, the Wi-Fi Alliance (which includes many big
names, including Microsoft, Intel, Cisco and Apple) announced the establishment
of the WPA (Wi-Fi Protected Access) standard. WPA uses most of the current 802.11i
draft to repair problems in WEP, the first line of defense for Wi-Fi networks.
WEP’s goal was to encrypt packets in transit at the data link layer to deter
unauthorized network access. WEP failed in its attempt, however, through several
cryptographic flaws that resulted in rapid key reuse. These flaws left the link
layer unprotected, and thus banished Wi-Fi outside the firewall, where
protection is provided at higher network layers by VPN, SSH, or other tunneled
encryption methods. WPA solves the problem by abandoning WEP in favor of 802.11i’s
vastly improved Temporal Key Integrity Protocol (TKIP). WPA ensures that TKIP
keys vary for each packet through key mixing. WPA also increases part of the key
space and adds encrypted packet integrity to reject inserted packets. WPA
includes full support for server-based authentication using the 802.1x protocol
and Extensible Authentication Protocol (EAP), both part of the interim 802.11i
draft.
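The two points made above, that WEP's weakness is independent of key length and that its flaws cause rapid key reuse, can be checked with a short added example (not code from the original article). It assumes details the article does not spell out: WEP seeds RC4 with a 24-bit IV prepended to the static key, and IVs are chosen at random. The frames, IV and keys are constructed, and the CRC-32 integrity value is omitted.

```python
import math

IV_BITS = 24  # assumption: WEP's per-frame IV is 24 bits (not stated in the article)

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, static_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: RC4 keyed with IV || static key (ICV omitted)."""
    ks = rc4_keystream(iv + static_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def keystream_reused(static_key: bytes) -> bool:
    """True if two frames sharing an IV were encrypted with the same keystream."""
    iv = b"\x00\x00\x01"                                      # constructed IV
    p1, p2 = b"constructed frame A!", b"constructed frame B?"  # constructed frames
    c1 = wep_encrypt(iv, static_key, p1)
    c2 = wep_encrypt(iv, static_key, p2)
    # An identical keystream cancels out, so c1 XOR c2 equals p1 XOR p2.
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return xor(c1, c2) == xor(p1, p2)

def frames_for_iv_collision(prob: float = 0.5, iv_bits: int = IV_BITS) -> int:
    """Birthday bound: frames sent with random IVs before a repeat is likely."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - prob))))

if __name__ == "__main__":
    for name, key in (("40-bit", bytes(5)), ("104-bit", bytes(range(13)))):
        print(name, "static key, keystream reused on IV repeat:", keystream_reused(key))
    print("frames for ~50% chance of an IV repeat:", frames_for_iv_collision())
```

The collision estimate depends only on the IV size, not on the static key, which is why a longer WEP key does not help and why per-packet key mixing in TKIP addresses the problem.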
WPA would be available in Wi-Fi (802.11b) certified products
during the first quarter of 2003, with most equipment manufacturers offering
firmware and software updates at that time.