A few weeks ago, the research firm Gartner, Inc. issued a security warning to users of wireless LANs (WLANs). It said that by year-end 2002, 30 percent of enterprises will suffer serious security exposures from deploying WLANs without implementing the proper security. Gartner advised enterprises to enact some sort of WLAN security plan immediately, even if the official short-term position is to not use WLANs at all.

The research indicated that more than 50 percent of enterprises have plans to buy and install WLAN systems in the near future, but at least 20 percent of enterprises already have "rogue" WLANs attached to their corporate networks.

According to Gartner, the primary risk associated with WLANs is that the over-the-air security built into today's 802.11b WLAN systems is too easy for attackers to break, and most WLAN installations operate without even a minimal level of protection. As one might assume, this is the sort of environment that attracts hackers and their unruly friends.

"Wireless LANs are broadcasting secrets of enterprises that have spent millions on Internet security," said John Pescatore, Gartner research director. "Because WLANs are on every executive's wish list, CIOs should make sure they have security measures in place now. Fixing the exposure after a hacking attack cannot recapture lost intellectual property and sensitive customer information."

Gartner left WLAN enthusiasts with a few security tips to help ease the risk of a break-in. One of the key points was that until next-generation WLAN security standards are defined, tested and implemented in WLAN products (Gartner estimates 2002), IT managers should require IPSec virtual private networks to be run on all WLAN connections.

Well, at least one manufacturer of WLAN routers has taken these security concerns to heart and begun to address the problems identified by Gartner's Research. Canadian vendor Colubris Networks has already added IPSec and L2TP support to its CN1050 line of Wireless LAN Routers.

"It has been proven that WEP security can be compromised within minutes, exposing your network and your data to eavesdropping," said Pierre Trudeau, President of Colubris Networks. "Although many vendors recommend the use of longer encryption keys or are waiting for WEP 2 (IEEE 802.11i) to solve the problem, the inherent flaws in the WEP protocol remain its Achilles heel."

But Colubris believes Gartner's VPN suggestion falls a little short. Although this protects access to the corporate backbone network, says Colubris, it does not protect the traffic between client stations attached to a wireless access point.

"Wireless access points that rely solely on an external VPN server are also exposed", said Trudeau. "To be effective, security needs to be implemented at the entry point into the network, otherwise portions of the network remain vulnerable."

By embedding IPSec and L2TP into its CN1050 range of wireless LAN routers, all wireless traffic is blocked until an authenticated, encrypted VPN tunnel is established with the Colubris Networks wireless LAN router.

"With our CN1050, wireless client stations will have to establish an IPSec tunnel or an IPSec-protected L2TP tunnel to gain access to the network," said Stphane Laroche, Senior Architect at Colubris Networks. "By embedding IPSec in the wireless access point, you now have two-way authentication, enabling the wireless station to also authenticate the wireless access point."