New tools fight security flaws in wireless networking

The growth of wireless networking has brought some serious security concerns. Sometimes ubiquitous and easy access to data networks isn't a good thing. Security protocols, such as Wired Equivalent Privacy that is used by IEEE 802.11b, help but have defects. For example, Wired Equivalent Privacy uses a flawed encryption system.A new breed of hackers also is appearing. These hackers, known as war walkers and war drivers, wander around looking for an unsecured wireless network to connect to. Once connected, they map the network for future reference, use its bandwidth or perform some electronic snooping. Another practice is war chalking, in which the hackers leave symbols, much like those used by hobos during the Great Depression, telling wireless wanderers where and how they can grab free bandwidth. Many newer wireless products have fixed the problem by substituting another encryption technology, but managing wireless security is still a challenging task. New tools are needed, including wireless-network sniffers that can seek out misconfigured or unauthorized wireless-access points, and software and hardware tools for providing better integration of user authentication with wireless systems used by hard-wired users. Well-established federal standards help keep government networks secure. Among these is the National Institute of Standards and Technology's Federal Information Processing Standard publication 140-2, Security Requirements for Cryptographic Modules.Many new wireless systems support enhanced encryption as well as authentication systems. So the number of systems certified as FIPS-140-2 compliant is bound to grow over the next year.Even if you don't yet have a requirement for FIPS-140-2 compliance, it's time to start pushing it.Kevin Jonah, a Maryland network manager, writes about computer technology.