Both value-added resellers (VARs) and technology vendors have been pushing customers to improve the security of wireless LANs, but with only partial success.
Despite its popularity, the weaknesses of Wired Equivalent Privacy (WEP) security protocol are well known; a recent report says it can be cracked in less than one minute. But they're not having as easy a time explaining the dangers, or getting customers to change.
"I've been on a big push for the last two or three years," said John Kindervag, a senior security analyst for Vigilar, an Atlanta-based VAR. "We've had some success, but there are still some people using older technology."
Some end users are hesitant to switch from WEP to the more secure Wi-Fi Protected Access 2 (WPA2) because they consider their wireless networks as being of secondary importance, and have not connected them directly to their main physical networks, said Chris Silva, an analyst with Forrester Research in Cambridge, Mass. Others, especially small- and medium-sized businesses (SMBs), don't want to upgrade because it burdens their small IT departments with extra administrative responsibilities, he said.
For VARs, getting clients to upgrade from WEP is just the tip of the iceberg. Most WEP-enabled network security systems lack the processing power to handle WPA2, so "it usually requires a full upgrade," Kindervag said.
"There's further steps they can take," Silva said. "There's a trend towards integrating more tightly [with] different elements of the security solution."
Wireless networks themselves are "pretty cheap," but it's those associated upgrades that bring the real expenses, said Jean Kaplan, a research analyst at IDC in Framingham, Mass. Still, most end users realize that upgrades -- especially to integrated services -- are worth the investment, he said.
Even if someone cracks a wireless network, an integrated security system can prevent that user from hacking into any of the machines on the network, Kaplan added.
Kindervag likes to offer packages that include intrusion detection systems (IDS), firewalls and desk portals, among other features, he said. Some VARs will combine different vendors' products, but Kindervag prefers to sell all-in-one services offered by one vendor. Although the mix-and-match approach can be more profitable, it often creates compatibility issues -- and customer headaches, he said.
"It's all about keeping customers for the long term," he said.
Kindervag is seeing more vendors offer those kinds of integrated wireless network security services. And those that only make specific products are looking to get acquired by larger vendors and incorporated into their solutions, he said.
Many end users are looking to upgrade their wireless network security in light of highly publicized security breaches at Lowe's and TJX, Kindervag said. Compliance with the Payment Card Industry Data Security Standard (PCI), the Health Insurance Portability and Accountability Act (HIPAA) and other regulations is another major driving force, Silva said.
"[WEP is] not an enterprise-class solution," he said.
VARs can also use other selling points, for example the benefits of restricted-access networks in terms of saving bandwidth, and blocking hackers looking to launch viruses or spam bots, he added.
Let us know what you think about this story; email: Colin Steele, Features Writer.