Proponents of the standard said that the 802.11i specification could have an immediate impact on VPN infrastructure, which could be relegated to a lesser role inside a corporate network.
The standard was ratified on 24th June at an IEEE standards committee meeting in Piscataway, N.J. The 802.11i standard adds a needed layer of security to Wi-Fi, which has become widespread both in the consumer and corporate spaces.
Early attempts at security, such as WEP (Wired Equivalent Privacy), provided some basic security but were derided as too easy to crack.
“Intel is ecstatic,” said Robin Ritch, director of security industry marketing for Intel Corp. in Santa Clara, Calif., who said all of the company’s Centrino chip sets, including the older models, are compliant with the specification.
As expected, vendors are already rolling out firmware enabling 802.11-compliant security protocols, although the software won’t officially be pushed to customers until September, when the Wi-Fi Alliance is expected to begin interoperability testing to make sure devices can talk to one another, Ritch said. Devices compliant with the 802.11i spec will likely be certified as compliant with WPA2, the second generation of Wi-Fi Protected Access, she said.
802.11i’s encryption protocols are based on the AES (Advanced Encryption Standard) and meet the limited encryption requirements for the Federal Information Processing Standard 140-2 specification for the protection of sensitive information.
The new standard will add Layer 2 security to a Wi-Fi card, sufficient for wireless access inside a corporate network, Ritch said.
In the early days of Wi-Fi, Intel recommended users connect to a VPN while roaming wirelessly, even when inside their corporate network.
The security provided by 802.11i is sufficient enough that IT managers can eliminate VPNs except when workers are connecting remotely, such as at a hotel, Ritch said.
Intel’s own IT staff plans to relax its security restrictions, she said, eliminating the use of internal VPNs while employees are inside their own network.
Chris Bolinger, manager of the Field and Partner Marketing team in the Wireless Networking Business Unit of Cisco Systems, Inc., Santa Clara, Calif., said it is natural that some customers will want to migrate away from VPNs to standards-based solutions such as 802.11i. However, many customers will also stay with WPA unless they’re given a compelling reason to move to AES, he said. “We’ve always tried to provide solutions to meet customer demand in the wireless LAN space,” Bolinger said.
The performance penalty users will pay for turning on the additional 802.11i functionality is unknown. In tests of Intel’s Grantsdale/Intel 915 chip set, for example, turning on high-definition audio features integrated into the chip set required a significant amount of CPU power, according to a recent ExtremeTech review. Intel spokesman Mark Miller said Intel had not tested the effects of the new 802.11i firmware on battery life to his knowledge, but he estimated that the effects would be “negligible” on the battery life of a Centrino-based notebook.
http://www.eweek.com/article2/0,1759,1616979,00.asp