News

Microsoft updates XP to give better wireless security

Microsoft has announced a free Microsoft Windows XP download to support WiFi Protected Access (WPA), a new standards-based wireless network security solution from the WiFi Alliance.

The new solution is intended to be a replacement for the Wired Equivalent Privacy (WEP) standard and offers more-robust methods of data encryption and network authentication. The result, says Microsoft, "is a new level of protection for customers taking advantage of the wireless features in Windows XP."

The company hopes this will make people more confident in wireless. Neil Laver, desktop product boss in the UK, said: "Many IT managers are hesitant to enable wireless connectivity in their organisations due to security concerns, so with standards-based WiFi Protected Access, customers can have more confidence their data will be safer and more secure."

WiFi Protected Access increases security on two fronts: data encryption and user authentication.

To improve data encryption, WiFi Protected Access resolves existing cryptographic weaknesses and introduces a method to generate and distribute encryption keys automatically. The idea is to use more encryption keys, so that even if (unlikely) someone cracks the key, it doesn't get used for very long before it switches to a new one.

The solution also introduces an integrity check on the data so an attacker cannot modify packets of information being communicated.

Finally, so as to improve enterprise-level user authentication, WiFi Protected Access authenticates every user on the network while keeping those users from joining rogue networks.

The download does nothing to force people to use WPA; it just makes it easier to set it up under Windows XP - and unless this security standard is rigorously enforced centrally in a corporation, many people are still likely to regard it as more effort than is justified by the risk.

WiFi Protected Access is a half-way step toward 802.11i, a standard being developed by the IEEE. There is fairly widespread support for WPA inside the WiFi Alliance, with Microsoft quoting two leading members cheerleading for it. From the press release:

"WiFi Protected Access meets customers' needs for an end-to-end, standards-based security solution that can be applied to both new and existing wireless LAN products," said Edward Frank, senior director of Engineering of the Client Server Networking Business Unit at Broadcom.

"Protecting home and business WiFi wireless networks from outside attackers is one of our highest of priorities," said Matt McRae, director of broadband services at Linksys. "Security is key to adding peace of mind and driving adoption of wireless networking. Adding WPA functionality to our wireless products and Windows XP will enable a better user experience while protecting and enhancing privacy for business data and family members surfing the Web."

"If customers are concerned about the security of their WiFi networks, they need to move as quickly as possible to implement WiFi Protected Access," said William Arbaugh, an assistant professor of computer science at the University of Maryland. "WPA addresses known security issues and provides a smooth upgrade path for future security enhancements to WiFi networking."

The Windows XP upgrade supporting WiFi Protected Access is available as a free1 download for both enterprise and home users at its download pages.