WLANs need VPNs - but only for the next six months

Virtual private networks (VPNs) are the only way to secure corporate wireless LANs in the next six months, says Intel. Standards efforts will eventually produce secure WLANs, but for now security methods intended for wide area networks must be implemented in office LANs, the company says.

Users have been concerned for some time about security on WLANs, as hackers near a WLAN can log in to base stations or eavesdrop on data traffic. To combat these threats takes authentication and encryption, but so far WLAN-specific solutions have not been good enough. WLANs are widely used by businesses to make it simple for mobile users to connect and disconnect to the company network.

The IEEE's Wired Equivalent Privacy (WEP) standard uses the RC4 encryption, but the way WEP selects keys has turned out to be predictable, making it too easy for hackers to eavesdrop. The fix will involve "fast packet keying", which quickly produces individual encryption keys for each packet transmitted.

This work, known as the Advanced Encryption Standard (AES) is being combined with a proposed 802.1x standard for authentication. Current implementations of 802.1x are proprietary. Both 802.1x and AES are expected to reach fruition in about six months, according to Intel.

"VPNs will be required by corporates using WLANs," said an Intel spokesman. "SOHO users will not need that level of security and corporates are very likely to already have VPN technology installed on mobile devices."

If it moves, we cover it. See ZDNet UK's Mobile Technology News Section for the latest news, reviews and price checks on mobile phones, PDAs, notebook computers and anything else you can take away.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Telecoms forum.

Let the editors know what you think in the Mailroom. And read other letters.