So Long Insecurity

So Long Insecurity

By CWNP On 06/18/2010 - 6 Comments

My wife has a book on her bedside stand called So Long Insecurity, by Beth Moore. I [figuratively] have a press release on my bedside stand called “So Long Insecurity,” by the Wi-Fi Alliance. You may have already read or heard that the compass of the Wi-Fi Alliance is pointed due north on a path to prevent support of insecure security solutions on Wi-Fi certified (read: any Wi-Fi device in the competitive marketplace) devices.

It should come as no surprise that these changes are coming, and it’s good that they are. However, in my typical, critical [of the Wi-Fi Alliance] fashion, I contend that the schedule is on the weak side. :) Here is said schedule.

  • Jan 1, 2011 — WPA-TKIP is no longer permitted on certified APs. WPA2-AES and WPA2-Mixed Mode (AES-CCMP & TKIP) are required.
  • Jan 1, 2012 — WPA-TKIP is no longer permitted on any certified devices. WPA2-Mixed Mode is no longer required.
  • Jan 1, 2013 — WEP is no longer permitted on certified APs.
  • Jan 1, 2014 — WEP is no longer permitted on any certified devices. WPA2-Mixed Mode is no longer permitted.

Along with these changes come much stronger messages from the Wi-Fi Alliance about recommended practices. Specifically, as of Jan 1, 2011, the Wi-Fi Alliance recommends using WPA2-AES and, provided that you are seeking backwards compatibility with legacy devices, WPA2-Mixed Mode. They no longer recommend using WPA or WEP. As of Jan 1, 2013, the stamp of approval for WPA2-Mixed Mode for legacy devices is removed.

These changes by the Wi-Fi Alliance have no bearing on WEP or WPA devices that are already certified and deployed. This impacts new devices only, though it will force some early upgrade cycles and/or redesign steps for enterprises that still rely on legacy security. I’m a little torn on these dates, especially as I ask why WPA-TKIP is out the door so far ahead of WEP—that is, as a “permitted” security solution. Maybe someone who is smarter than me can defend these dates in the comments section and educate me. :) I know there are a lot of WEP devices out there still, and I suppose it will take some time to replace them, but WEP is the old clunky car that hasn’t started for years, and TKIP is the temperamental but still operable family sedan. Why are they abandoning the one that works and preserving the rust bucket for so long? 2013 is two and a half years from now, and it’s after the end of the world in 2012. The economy is still pretty sad, but I think they could’ve been a bit more aggressive in their phase-out dates. If companies don’t want to upgrade from WEP, they won’t have to. But, as I opine, the Wi-Fi Alliance should be phasing out WEP in newly certified devices sooner.

Anyway, that’s the news of the week. The course is set. The anchors are up. The Wi-Fi Alliance is saying so long to WEP and TKIP...eventually.

Tagged with: wi-fi alliance, WPA, WEP, legacy security, WPA2

0 Responses to So Long Insecurity

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

-Darren
Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

-Ben
Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

-Glenn
Read More