Security ranks as one of the top concerns of implementers of wireless technology. But there is nothing inherently insecure about WLANs, according to Craig Mathias, principal of the Farpoint Group, a wireless consultancy and analyst firm. "Security is not much of an issue anymore. There is no such thing as absolute security, but today we can make any form of networking very secure. The security standards have improved in the last few years."
Specifically, 802.11i, or Wireless Protected Access 2 (WPA2), is based on the advanced encryption standard (AES) and robust security network (RSN). The state of the art in wireless authentication is 802.1x, the extensible authentication protocol (EAP). These standards operate at the network layer, or Level 3 of the ISO OSI model. Virtual private network (VPN) security based on IPSec can also be applied at this layer for maximum protection. Mathias also recommends encryption of sensitive data.
As with any type of data security, the most crucial element involves the policies, procedures, and culture that underlie the technology. "Every individual who handles enterprise information needs to know if that information is sensitive and, if so, how to handle it properly, as well as the proper procedures in case of a breach," Mathias says. Most companies will need outside help of some sort to design and implement secure WLAN technology. But in any case, Mathias says, "Security should never be a roadblock to implementing a wireless environment."