Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, April 18, 2005

Expanded Wi-Fi certification brings confusion, says Gartner

While they expand the test matrix against which all wireless LAN (WLAN) products will be tested for WPA/WPA2 certification, Gartner says, the move comes late and with questions.  The Wi-Fi Alliance will still call the ‘new’ certifications WPA and WPA2 and will allow a grace period during which ‘old’ WPA and WPA2 certifications can still occur.

As if Wi-Fi standards are not confusing enough, last week’s addition of four widely used Extensible Authentication Protocol (EAP) types by the Wi-Fi Alliance will make your head spin.

WPA certification will be more confusing than meaningful for enterprise decisions until at least 4Q05, when it becomes mandatory for vendors to pass ‘new’ WPA2 certification.

Additional confusion will undoubtedly result after Cisco and Microsoft likely introduce a new or enhanced EAP type in coming months which will require the Wi-Fi Alliance to conduct further interoperability testing, according to Gartner.

And the Wi-Fi Alliance is reserving the term “WPA3” for new IEEE 802.11 security features rather than for security testing extensions, further contributing to the confusion around WPA and WPA2 certification through at least the first half of next year.

Gartner says to simply select the authentication approach that best meets matches your business, IT and security processes, regardless of Wi-Fi certification.

Posted on 04/18