It's a new year and time for a new place to live. When I moved in to my new complex last week, I performed a Wireless LAN survey as any self respecting geek would. Perhaps as a sign of things to come, I was quite surprised by the degree of 802.11 Wireless LAN saturation. After walking around for 100 feet, I must have picked up over 50 Wireless Access Points which is nearly one Access Point per house hold. This is easily understandable given the fact that Wi-Fi enabled routers are extremely useful and can be purchased for less than $30 today. The down side of the success of Wireless LAN networking in the home is privacy and security.
Analyzing the Wireless LAN site survey, I was pleasantly surprised by the high percentage of users (roughly 80%) who actually had some kind of encryption on their Wireless LANs. The last time I did a survey at my friend's house two months ago showed only 1 out of 6 home Wireless LANs running any kind of encryption. How effective their security effort is not the point, it's the fact that they're even willing to put up with unfriendly 26 character long WEP keys and the alphabet soup of everything associated with 802.11 is simply amazing.
Unfortunately, the industry as a whole has let the home users down when it comes to security. WEP encryption which is still used by the majority of homes or businesses in some form or other because of downwards compatibility issues is now more of a liability than ever. Even the newer WPA standard that supports TKIP encryption has aweakness in home mode which uses Pre-Shared Keys. WPA enterprise mode which implements EAP authentication is out of reach for the home user until TinyPEAP or something like it becomes standardized and widely implemented. It's almost as if you have a situation where the average home consumer will put on their seat belts in their cars but the seat belts are either completely defective in the case of WEP or too difficult to use correctly in the case of WPA home mode. A lot of companies are focusing on proprietary methods of simplifying Wireless LAN security for the home but they can't possibly succeed withoutinteroperable standards. What is really needed is a simplified version of WPA enterprise mode where all the complexities of PKI and RADIUS servers are embedded and mass produced in to a $60 box running on Embedded Linux and FreeRADIUS. As far fetched as that may sound, remember that such a device already exists in early beta on a TinyPEAP modified Linksys wireless routerwith its owncertificate generator and RADIUS server.