ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Communications

Mobile working Toolkit

Secure Wi-Fi hot spots rolled out

Tags:
WPA,
Wireless

Graeme Wearden ZDNet.co.uk

Published: 05 Oct 2005 13:05 BST

Wi-Fi operator iBahn has spent hundreds of thousands of pounds upgrading the security of its public access points.

iBahn announced on Monday that all its wireless hotspots in the UK and the US now support the WPAsecurity protocol. WPA, which is based on the 802.11i standard, encrypts data sent between a user's laptop and the access point, and is more secure than the earlier wireless security protocol WEP which is much more vulnerable to hackers.

IBahn claims it is the first wireless operator to install WPA at all its wireless hot spots, although T-Mobile announced last year that it was making a similar move. The company hopes that adopting WPA will boost its appeal with business users.

In a demonstration at a London hotel, iBahn showed that without encryption it is simple for someone using packet-sniffing techniques to obtain information, such as usernames and passwords, that are being transmitted over the network.

Graeme Powell, iBahn's managing director, explained that upgrading to WPA was a time-consuming and expensive operation. iBahn's older access points did not support two SSIDs — one for WPA, and one for other connections — so these had to be replaced.

"We have more than 900 wireless hot spots, each with between one and 80 access points," said Powell. "The newer access points could be updated remotely, but the total cost of the upgrade was over $1m."

Around 200 of these access points are located in UK hotels, such as the Hilton and Marriott chains.

WPA was introduced after researchers discovered how vulnerable WEP was to attack. WEP uses a security key generated from a passphrase known by both the user and the access point, to encrypt and decode data packets. In 2001, it was proven that an attacker who intercepted a relatively small number of packets would be able to deduce the key.

WPA, and its successor WPA2, distribute different keys to individual users, and will also shut down if an attack is detected.

Another way of protecting data is to run a VPN , giving a secure tunnel to the user's corporate servers. According to Powell, most of iBahn's customers use VPNs already, but irregularly.

"Often they will only run the VPN when they want to access their work email. With WPA, they're protected straight away," said Powell.