Cisco's 802.11ac gigabit wireless LAN is scheduled to come out in early 2013. We're planning on being an early adopter. Are there any security ramifications with the impending arrival of gigabit Wi-Fi? Is there anything in particular concerning 802.11ac that we should be wary of?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
As wireless continues to evolve, it's important that network and security administrators stay ahead of the game. Learning about the new 802.11ac wireless standard is a good example of that. We're already seeing wireless devices -- both access points and client devices -- hitting the market early. This standard is being touted as gigabit Wi-Fi, but only time will tell if we'll actually get speeds of that bandwidth. Let's review some of the aspects of 802.11ac and potential security concerns to keep an eye on.
One of the areas that we might see an improvement with 802.11ac is the ability to have all client and APs pressed into the 5 GHz band from the previous 2.4 GHz band. This will allow for quicker speeds on a less congested network and the possibility to use channels between 80 MHz and 160 MHz, which subsequently allows for greater speeds over the air.
Another change to 802.11ac has to do with encryption. The CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code) protocol, which is at the root of WPA2, is too slow to deal with the data transfers needed with 802.11ac. Thus, the Galois/Counter Mode Protocol (GCMP) was added to 802.11 to handle the encryption operations faster and more efficiently. The GCMP protocol still uses the advanced encryption standard (AES), but it uses it efficiently and gives 802.11ac the acceleration needed. The one downfall to this is that since 802.11ac is a new protocol, it requires new hardware to support it. This could lead to using other methods or budgeting for new equipment that allows for these speeds and encryption.
With this being said, the fundamentals of wireless networking still need to be employed with the only difference being that if there was ever a breach externally from the network, the attackers would be able to pilfer data at a higher rate over these faster links. Locking down your network, using certificates and proper encryption, and monitoring for intruders or unauthorized access attempts are still relevant and will always be needed to secure your wireless networks.
This was first published in March 2013