In recent months, all but the most casual of tech observers will have likely seen news pertaining to the soon-to-be-ratified IEEE 802.11ac standard. Commonly referred to as Gigabit Wi-Fi, many within the tech industry have been quite taken with the seemingly endless possibilities made available by 802.11ac's throughput speed. Depending on how many spatial streams are being used, 802.11ac has reportedly reached speeds of up to 1.3 Gbps. When compared to 802.11n's maximum throughput speed of 450 Mbps, one can easily realize the implications with regard to applications that have previously been considered throughput hogs.
YouTubing at my favorite wireless hot spot or Skyping with my family while I'm staying at a hotel seem like they'll be much smoother experiences in the near future.
Some may ask if this new development in wireless technology is simply too good to be true. Anticipation continues to grow, but questions still remain. IT teams, in particular, are left wondering how to prepare for 802.11ac security and if the new 802.11 standard is comparable to its predecessors.
From a security standpoint, the overall 802.11 standard is a wireless standard, so all developments within 802.11 involve changes solely within the physical and data link layers of the TCP/IP model. Therefore, all potential 802.11ac hacks would still target the actual bits moving across the wire (or through the air), or the MAC addresses of the various nodes involved with the wireless communication. The 802.11ac standard falls under the 802.11i, WPA2 standard, so the Advanced Encryption Standard (AES) block cipher is still used. If any of this looks strangely familiar, refer to the 802.11n security specifications. You'll see they are exactly the same.
The implementation of the 802.11n standard allowed for greater throughput speeds, and it was the first of the 802.11 variants to implement Multiple Input Multiple Output (MIMO) antennae. This allowed wireless signals to be simultaneously transmitted and received within the same device, and it laid the groundwork for the later work accomplished under the realm of 802.11ac. Couple these new attributes with the fact that 802.11n enjoyed the protection of the AES block cipher for encryption and this has generally been considered a win-win for all parties, raising Wi-Fi security to a new level.
As with all devices that operate over a wireless medium, however, these new performance enhancements led directly to some security concerns. For example, if the throughput speed increases by x amount, then it stands to reason that attackers that successfully access a given network will be able to introduce their malicious traffic at an increased rate of speed, or similarly exfiltrate data more quickly. This will eventually hold true for 802.11ac as well.
For companies that are wondering whether making the immediate jump to 802.11ac will improve enterprise network security, I subscribe to the school of thought that says, "Why not let everyone else experience the bugs, security vulnerabilities and all of the other happiness that goes along with a new technology, and spare myself the headaches?" When everyone else was making the move to Vista, I decided to stay with XP and, quite frankly, I feel I made the smart move: Vista, as most recall, turned out to be more of a headache than it was worth.
Unless an organization has some unusually pressing need for GB wireless throughput functionality, a slower, more deliberate approach to 802.11ac adoption is in order. However, if an organization is making the jump from one of the standards that preceded 802.11n, then switching to 802.11ac might make more sense. This is because some of the older IEEE 802.11 standards still use the WEP and WPA encryption standards, whereas the newer 802.11 variants rely on the greatly improved WPA2 encryption standard.
From the editors: More on protocol security
Learn how to avoid VPN leaks on dual-stack networks.
Review IPv6 address configurations to assess feasibility of attacks.
With the increase in throughput speed comes a need for newer hardware. Because of the new standard's ability to operate on eight spatial streams and the 5 GHz frequency band, new wireless access points will be necessary, and expensive new chipsets are being created to power the new infrastructure pieces. So making the move to the new standard will be a significant expenditure in an IT budget.
For organizations that do make the move to 802.11ac, the good news is that the new standard is reportedly backward-compatible with 802.11n. So if an organization's endpoint devices are strictly of the 802.11n species, the wireless access points should be able to step down to that level. Those still operating in the 802.11a/b/g spectrum get the bad news: The new 802.11 standard is reportedly not backward-compatible with these older standards.
My advice on 802.11ac is to take the same precautions you take for those that continue to operate within the 802.11n standard: Ensure strong passwords are used, be vigilant with respect to physical security and periodically assess your security posture. To obtain a better overall understanding of your security posture, use open source penetration testing tools and attempt to infiltrate your network.
Overall, I preach slow and steady when it comes to adoption, but I am quite intrigued with the new 802.11 standard. Gigabit Wi-Fi will likely make YouTubing at my favorite wireless hot spot or Skyping with my family while I'm staying at a hotel much smoother experiences in the near future.
Furthermore, over the past year and a half, most manufacturers of wireless endpoint devices have inserted 802.11ac compatibility into the wireless infrastructure of said devices. So, whether your company is one of the early migrants to the new 802.11 standard or not, chances are you'll be able to experience Gigabit Wi-Fi in some capacity shortly after the standard's ratification.
About the author:
Brad Casey holds an MS in Information Assurance from the University of Texas at San Antonio, and has extensive experience in the areas of penetration testing, public key infrastructure, VoIP and network packet analysis. He is also knowledgeable in the areas of system administration, Active Directory and Windows Server 2008. He spent five years doing security assessment testing in the U.S. Air Force, and in his spare time, you can find him looking at Wireshark captures and playing with various Linux distros in VMs.