Wi-Fi Alliance has (finally) decided to take some giant steps in improving the state of wireless security. Starting Jan 2011, TKIP will be disallowed on new APs and from 2012, it will be disallowed on all Wi-Fi devices. Come Jan 2013, WEP will not be allowed on new APs and from 2014, WEP will be disallowed on all Wi-Fi devices. This is the good news. But, let us also get to the “bad” news.
Unfortunately, the bad news is that there can be other wireless security holes in an enterprise. Although TKIP & WEP are disallowed, “Open” configuration continues to be allowed. Enterprises need to worry about AP mis-configurations and legacy deployments. Further, network intrusions and extrusions due to unmanaged devices are still possible. Rogue APs will persist to haunt enterprise IT security teams. Similarly, the plethora of Wi-Fi clients present within an enterprise introduces new paths for enterprise data leakage.
Hence, wireless security audits and enterprise airspace surveillance will continue to be important. Do let me know if you think otherwise.