802.11: Why are we still hedging?

Highlights

• Industry pundits and prognosticators are quick to label 2003 as "The Year of the Wireless LAN," but there are still some important issues to resolve in terms of acceptance, security and good, old-fashioned politics.
  
• Wireless vendors and developers continue to sell technology over solutions, and in most cases are engaged in a price war with their counterparts. Also, 802.11 wireless service providers charge exorbitant rates for hot spot access, which is an expensive inconvenience for travelers who routinely hop from city to city.
  
• 802.11 wireless vendors may tell you the technology is safe enough, but this may not be secure enough for sensitive applications and data. The current wireless technology is still based on wired encryption protocols (WEP) and therefore inherently not as secure as it should or can be. While WEP-based standards and protection is fine for most applications, they mostly exist as a warning sign to determined hackers and are not impervious to unauthorized access.
  
• A user's best bet is to keep informed. Ask wireless equipment vendors specific questions about their security strategies and plans, as well as their ability to adapt to changes as new specifications are developed. Also, make sure the systems you adopt are both forward and backward compatible with your applications and evolving products and technology.
  

• Also, be aware of the compatibility and incompatibility of wireless devices. Look for systems that have been tested and approved by independent agencies such as ICSA Labs, Inc.

***

By Tim Scannell

If there is just one thing we learned having just breezed in and out of COMDEX/Las Vegas is that next year will either be very busy or very confusing, depending on where you get your information and how much you trust the source. The overwhelming technology 'buzz' at this year's event – which may very well be the last if rumors in the industry are true – was wireless networking. Wireless systems and products were scattered throughout the exhibit floor, ranging from the latest in secure routers and access points to cheapo wireless LAN (WLAN) cards and Compact Flash (CF) devices.

Symbol Technologies even hosted a wireless depot located just outside the main entrance to the Las Vegas Convention Center's exhibit hall, which created minor traffic problems as people camped out to check their email or hung over balconies to catch a stray 802.11 signal. We managed to log on and access our email by squeezing onto floor space just outside the rest rooms, a suitable location given the content and quality of most of the messages we get each day.

A number of speakers at COMDEX made the bold prediction that next year will most certainly be 'The Year of the Wireless LAN', or more specifically 'The Year of the 802.11 Wireless LAN'. Others, perhaps not so plugged into reality, proclaimed 2003 as the 'Year of the LAN', and even the 'Year of the Wireless Tablet PC'. Okay, that last proclamation was primarily touted by Bill Gates and he obviously has a vested interest in putting the right name tag on a year.

As we made out way out to Las Vegas on Sunday, via the Minneapolis-St. Paul airport, we scanned a column in the New York Times, written by a well-known economist, who maintains that wireless development and deployments will essentially be the force that pulls the technology sector out of the doldrums and back to measurable growth and expansion. We tend to agree with this assessment, especially as wireless technology is positioned as the pipeline for cost-effective and ROI-centric mobile applications and services.

Discounts and Dissension
We are, however, are a bit more conservative when it comes to making calendar assumptions. If anything, we believe next year will still be the 'Year of Living Dangerously' for most vendors and software developers, since we are really only at the early stages of wireless and have yet to really solve a number of tiny and not-so-tiny problems associated with the technology and it use. Consider the following:

•  

• Wireless vendors and developers continue to sell technology over solutions, and in most cases are engaged in a price war with their counterparts. When they are not discounting wireless cards and access points, they are developing pricier systems that tweak the 802.11 standard to such an extent that these systems may not work well with the wireless products offered by other competing companies. In some cases, paying double or triple the cost for a device is okay of it offers a higher degree of security and manageability than your average off-the-shelf product. In many instances, however, this is not the case. A fair number of vendors develop hybrid products that only work with their systems in order to lock the customer into their sales strategy (and lock out the competition).
  
• A lot of 802.11 wireless service providers – setting up so-called hot spots throughout the country – seem to think it is okay to charge exorbitant rates to each and every user who logs onto the system. Granted, these wireless entrepreneurs are providing a needed service, and therefore should be compensated. But, not at rates that would make even television's Sopranos blush with embarrassment (or envy, since these costs are often akin to loan-sharking rates!).
  
• We tried, for example, to wirelessly log onto the hot spot at the Minneapolis-St. Paul airport, we were abruptly stopped short when asked to pay a $7.95 daily rate – not especially cost effective, considering we only had a few minutes between flights. We decided instead to check email with out Palm i705 and its Cingular cell connection and suffer the constraints of a limited user interface rather than fork over what we thought was an inflated fee.
  
• Wireless carriers like Verizon and T-Mobile are already offering or have plans to launch 802.11 services to supplement their cellular network. We feel it is only a matter of time before they develop a multi-network package that accommodates a smooth transition for different wireless networks. In fact, notebook and systems manufacturers have already started to incorporate multiple antennas and access technologies into their designs.
  
• If content is king, why is wireless technology still wearing the crown? It is already pretty clear that you don't have to be a brain surgeon to establish a modest little wireless network, so there really is no reason to charge especially user fees for basic access. If you want to cover costs, then strike a deal with a few local advertisers to cover expenses and make a few dollars. Localized wireless access should fall into the same category as community shopper newspapers, which by the way can make a pretty good profit from advertising subsidies. Want to make a little more money? Then charge users a few cents for accessing premium sites that may be under agreement with you and can charge a little extra for their content. Better still, have the airlines pick up the cost to make up for the meals they no longer serve and additional fees they no charge to anyone who pays less than a king's ransom for an airline ticket.
  
• No matter what the 802.11 wireless vendors tell you about the safe enough security of their wireless networks, the technology is still based on wired encryption protocols (WEP) and therefore inherently not as secure as it should or can be. While WEP-based standards and protection is fine for most applications, those in the know claim it basically provides a No Trespassing sign for unauthorized users – meaning it clearly informs these users that they are trying to enter an area where they may not have authorization. Crackers and hackers who want to get in essentially will get in if they are diligent enough, or a company is does not establish specific safeguards. The difficulty, though, is in finding the balance between strong safeguards and a log on procedures that does not demand too much from authorized users. The IEEE I presently working on an updated 802.11 specification, but this may not be available to vendors until late next year.
  
• This leads us to our next concern in wireless: If a secure 802.11 wireless standard is still in transition, why are vendors creating products now that incorporate some of the early recommendations and suggested improvements? It would seem to be a better idea to wait until a standard is defined and approved before developing products that adhere to something that may change over time. Wireless manufacturers will argue that anything they adopt now can easily be expanded or changed, as the IEEE gets closer to its final recommendations. Also, there are security technologies available out there now that can layer safeguards on top of applications and network environments to protect a jittery user.
  
• While many experts in the wireless industry agree this is a reasonable safe route to travel, we can't help but recall the vendors who made the mistake of coming out with early Bluetooth products before the specification was firmly and finally established. The result, in some cases, was products that were basically incompatible with subsequent versions of the specification. Not a huge deal in the case of Bluetooth, since it had limited use and saturation at that point (and even today!). But, this can be a considerable problem given the current installed base and expected growth of 802.11 wireless.

A sensitive issue
Of all the points noted above, security and access control are easily the most important and critical problems facing 802.11 wireless right now. It is the nasty little secret that most everyone knows about, but tends to ignore it since most of the content ping-ponging back and forth over the airwaves is pretty harmless in nature – the stuff that is suitable for accessing outside convention rest rooms, if you recall! However, in order for wireless technology to grow beyond just being an interesting technology into a highly effective tool, it must be used to transport more than non-sensitive information. A wireless system is only as good and effective as the information it carries, and in most cases this will be highly sensitive mission-critical data. As this happens, then the security of these systems becomes more of an issue than an annoyance.

What can users do at this point to make sure they do not travel the wrong route as secure systems are developed? Keep informed! Ask wireless equipment vendors specific questions about their security strategies and plans, as well as their ability to adapt to changes as new specifications are developed. Also, make sure the systems you adopt are both forward and backward compatible with your applications and evolving products and technology.

You may not be able to personally test the compatibility of each and every device, or check to see if a particular vendor is do their best to keep up with changes and developments. Fortunately, there are independent organizations whose job it is to maintain some semblance of order in a wireless society. One good place to start is at ICSA Labs, a testing group that is a division of TruSecure Corp. (www.icsalabs.com), which tests and certifies a variety of wireless and Internet-based technologies. Also, look to us to provide more information on this group and others, as well as important developments in 802.11 and other wireless technologies.

About the author: Tim Scannell is the founder and chief analyst with Shoreline Research, a Quincy, Mass.-based consulting company specializing in mobile and wireless technology and initiatives. He is also the Editorial Director and a member of the management team of Modezilla.com (www.modezilla.com), a mobile and wireless venture focusing on worldwide trends and developments in wireless and highly mobile systems. Scannell has more than 20 years of experience as a writer and editor in the computer industry, working on such publications as Computerworld, PC Products, Mini-Micro Systems, Systems Integration and most recently Computer Reseller News. You can reach him at: tjscan@shorelineresearch.com