Reading the history of Wi-Fi security standards and protocols -- such as the Wired Equivalency Protocol (WEP), 802.1x, 802.11i, Wi-Fi Protected Access (WPA), WPA2, the Extensible Access Protocol (EAP), the Lightweight Extensible Access Protocol (LEAP) and others -- is enough to give anyone a headache.
The wireless Internet became popular very quickly -- too quickly for vendors, service providers and planners to build in adequate security. The first stab at security -- WEP -- was not up to the task, and it's been a game of catch up ever since. A common sticking point is that security forces were asking users to do something, such as changing the default setting of their Service Set Identifier (SSID). Needless to say, few people bothered.
It's good to see that industry and government are acting to increase the security of wireless and mobile devices. It's also good to see that that the issue of complexity is being dealt with through the new Wi-Fi Protected Setup program. Basically, this approach enables users to implement WPA2 security through a personal identification number (PIN) or by just pushing a button. A coming version of the platform will use emerging near field communications (NFC) to activate Wi-Fi Protected Setup. The Wi-Fi Alliance said it has certified 10 products for its new standard.
User-friendly steps such as Wi-Fi Protected Setup are especially important as more vital information leaves the enterprise on laptops and as home offices proliferate. It's especially welcome as the bad guys increasingly seek unprotected or under-protected end points as ways to evade firewalls and attack the networks to which they are connected.
Simplicity is the key, and Wi-Fi Protected Setup is a major step. It's important to remember that we live in a country in which many people don't wear their seat belts and ride motorcycles without helmets. Wi-Fi Protected Setup comes as close as possible to not asking folks to do anything to protect their wireless devices and networks.