RSA Targets WLAN Users with Token-Based Security Product

SecurID offering brings strong authentication to wireless networks

• By Matt Migliore
• 12/18/2002

For RSA, integration between SecurID and WLAN products marks new ground.

Previously, RSA’s partnering program (code named RSA Secured) focused primarily on virtual private network (VPN), firewall, and traditional remote access providers. Amy Speare, a senior product manager for RSA SecurID, says, “This announcement is really a next step in our [SecurID] relationship strategy.”

SecurID is a token-based authentication technology which uses a two-factor process to validate user identity for information systems. Each user is assigned an authenticator, which generates a unique pass code every 60 seconds. In turn, the user combines the pass code with a secret pin number to log into protected systems.

For users of Cisco, Funk, and Proxim WLAN products, interoperability with SecurID fills a need for stronger authentication and access control, which are among a number of glaring security weak points that have hampered the adoption of WLAN technologies.

A recent survey by WorldWide WarDrive, a group that analyzes WLAN security issues, found that 70 percent of WLANs are completely unprotected and fail to incorporate even the most basic security standards or protocols.

Much of the user concern about WLAN security has revolved around “sniffing” of wireless transactions, whereby unauthorized individuals intercept data transmitted over a wireless network. Several early efforts to solve this problem, namely the Wi-Fi Alliance’s release of the Wired Equivalent Protocol (WEP) for securing wireless transactions, have proven insufficient, and the effort to develop a standard method for ensuring the integrity of wireless data is still very much a work in progress.

Another security issue many WLAN users have failed to address is access control and authentication. Vendors of WLAN products have been quick to add features to address these needs, but strong authentication in the form of biometrics and token-based technology remains a nascent concept in the WLAN space. “That’s really the strength that RSA is adding on top of the standard initiatives for WLAN security,” says Speare.

Stan Schatt, a vice president and research director for IT analyst firm Giga Information Group Inc., stresses that enterprises must be careful not to view strong authentication as a one-stop solution for WLAN security. “Strong authentication clearly is one—but just one—of several different things that must be done to ensure security. Dynamic 128-bit encryption, including the AES standard due out in 2004 as part of 802.1i, is necessary. VPNs also are advisable.”

Demand for a standard method of encrypting wireless data is high, and users are eagerly anticipating the release of the 802.1i specification. The spec has been delayed several times already but is expected to solve many of the problems associated with early wireless encryption standards, such as Wi-Fi’s WEP.

In regard to strong authentication, RSA is considered by most industry experts to be a top-level provider. “[RSA] is a security vendor with a long track record and good reputation, and is considered by us to be the most recognized name in time-based token authentication,” said John Girard, a vice president and research director for IT analyst firm Gartner Inc., in a recent conversation with Security Strategies.

According to RSA's Speare, the company has contracts with 88 percent of the world’s leading financial services firms and 82 percent of the Fortune 100. Furthermore, she says, while RSA’s move to bring SecurID to the WLAN market is a first, the company has a lot of experience working on wireless security.

“RSA has been successful in securing wireless networks for many, many years,” she notes, adding that RSA has been working with wireless providers for some time to bring encryption to the market through its BSAFE product line.

Pete Lindstrom, research director for consultancy Spire Security, believes that with the recent growth in the wireless security market there are now a number of solutions available for building a secure WLAN. However, he says, like a traditional LAN environment, enterprises must be diligent in protecting their WLAN from security threats. “The real challenge now is that [WLANs] are hard to manage, not that they’re insecure."