WiFi's security secret - authentication

Want wireless authentication on-the-cheap?

In a conventional wireless network, the biggest worry is with rogue clients gaining access to the access point (AP), or the traffic travelling to it. With public wireless networks, however, the phenomenon of wireless insecurity is reversed. Is the access point you are connecting to the real one?

The best known example of this phenomenon is the “evil twin”, a fake hotspot used to extract information (credit card data) from a user tricked into thinking they are using a legitimate wireless service. Typically, the legitimate base station is jammed and users are invited to log in to the fake man-in-the-middle site instead.

As public WiFi services usually charge a fee before granting access, users are asked to enter credit card information at that point, which the scammers then use to rack up bills. It’s been described as the wireless equivalent of a phishing scam.

There is little evidence that this technique has ever been used on any scale, but it is obvious that entering data into a web page via a wireless link is fraught with risks.

The easy answer is to use encryption, but very few “connect-as-you-go” services force it on the public as they would end up with no customers – turning on wireless encryption is still the exception. And what sort of encryption might they turn on? WPA-PSK, or full WPA, is the bottom line for properly secure wireless communications, but it is not yet supported universally.

Thinking laterally, it is possible to bypass WiFi encryption completely and use either application-specific encryption (PGP encryption of email for instance), or fire up a VPN client and use the Secure Sockets Layer (SSL), which creates its own encrypted tunnel between a client application and the web servers or applications being accessed. As this requires a VPN device on the company premises, however, it is not something that a small business would necessarily be able to offer.

A small number of ISPs are starting to offer VPN clients for the SME or lone user, and the cost need not be high. One such company is Witopia, a US-based outfit that also offers wireless authentication subscriptions (more on this below). The cost is modest for what is on offer – about $40 a year for Mac/Windows PCs.

More authentic still

A different way of ensuring that both the client and access point are genuine is to use authentication, which in wireless terms means using the EAP/802.1X admission control protocol. If a client isn’t genuine it can’t authenticate, and the same applies to a rogue access point. Just as encryption can be set on AP and client to shut out any PC not possessing the correct key or keys, so the same process can be set up to ensure that all stations on the wireless network are who they say they are. For any really secure wireless network, data encryption is only the first step; authentication is a necessary second step for complete security, just as it is, come to think of it, in the world of wired communications.

Authentication sounds a bit intimidating, and it remains overwhelmingly a corporate technology. However, a few companies, such as the aforementioned Witopia, are now offering remote authentication for the SME or lone user without them having to have access to their own 802.1X-based RADIUS login. (An equivalent service is being offered by a company called Boxed Wireless.)

As long as the access point and client NIC support remote authentication (all recent ones do), the Witopia service can be set up in minutes. Once the log-in details have been configured on the AP and PCs accessing it, from then on any new PC accessing the WLAN access point will have to authenticate itself using the service before a connection can be made.

It works on similar principles to data encryption, requiring each client to possess an encrypted key (that changes on a cycle), and a valid account. Before network access is granted through the AP, and before the WPA encryption key exchange has been initiated for data movement, this key must be verified remotely from the AP on Witopia’s servers.
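The claim that a rogue access point cannot authenticate holds only when each client verifies the authentication server it is talking to. As an added example (not from the original article or from Witopia), this script audits a constructed wpa_supplicant.conf and reports which networks use 802.1X and check the RADIUS server's certificate and name; wpa_supplicant as the client is an assumption, and the SSIDs, paths and hostnames are made up.

```python
import re

# Constructed wpa_supplicant.conf sample: SSIDs, paths and hostnames are made up.
SAMPLE_CONF = '''
network={
    ssid="CafeOpen"
    key_mgmt=NONE
}
network={
    ssid="Office-unpinned"
    key_mgmt=WPA-EAP
}
network={
    ssid="Office-ca-only"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
}
network={
    ssid="Office-pinned"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.test"
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one dict of settings per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines() if "=" in ln)
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(text):
    """Map SSID -> whether this client can tell the genuine network from a fake one."""
    verdicts = {}
    for net in parse_networks(text):
        verdict = "server-verified"
        if "WPA-EAP" not in net.get("key_mgmt", ""):
            verdict = "no-802.1x"            # nothing proves the AP side's identity
        elif "ca_cert" not in net:
            verdict = "server-unverified"    # any RADIUS server certificate is accepted
        elif not any(net.get(k) for k in NAME_CHECKS):
            verdict = "ca-only"              # any certificate issued by that CA is accepted
        verdicts[net.get("ssid", "?")] = verdict
    return verdicts

print(audit(SAMPLE_CONF))
```

Only the last profile gives the client a way to reject an access point whose authentication server is not the expected one.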

The entry level version of Witopia’s WiFi authentication service can secure from one to three access points, and up to five user accounts, for an amazingly low $9.99 a year, excluding a one-off activation fee. The small business version can handle from one to 10 access points and up to 100 users for between $198 and $332, an ongoing cost of $14.99 per access point, per year.

Techworld will review Witopia’s authentication service in more detail in April.

Ordinary users should be jumping on such a service, but sadly they won’t for some time. It is still seen as something for the paranoid. However, the great saviour of authentication could turn out to be public WiFi. As already discussed, with public access points, you need to be very sure that what you are connecting to is genuine, and authentication services are sure to kick off when the public finally wises up to this.

