It's easy: The big names in wireless local area network (WLAN) security are, according to this Processor story, WEP, WPA-PSK, WPA-EAP (also known as WPE-Enterprise), WPA2-PSK, and WPA2-EAP.
But you knew that, right?
Okay, we didn't either. The point is that like so many things in modern telecommunications, WLAN security is a huge and complex afterthought: Consumers and businesses discovered the wonders of wireless communications -- connecting to the Internet without dragging around 10 pounds of cables -- and went with it in a big way. It was soon discovered, however, that malcontents and miscreants (we'd use other names if this wasn't a family-oriented blog) would sit in parking lots and outside homes and use snooping gear to intercept communications.
So vendors and the Wi-Fi Alliance, the Institute of Electrical and Electronics Engineers (IEEE) and other groups began incrementally graphing improved security onto these networks. It's a laudable task, but it takes time.
There are two main pieces to wireless security. One is encryption, which is basically how well scrambled the data is. The other is authentication, which is the process of determining if somebody asking for access to a network should be allowed on. It seems that much of the action focuses on the authentication element.
IT managers must educate themselves on these choices. The Processor article makes the point that whether new gear supports 802.1x -- a more robust authentication scheme -- is a very significant issue. Poor authentication obviates gains made in encryption by allowing hackers to masquerade as legitimate users and thus not face the task of beating the encryption protocol.
That's pretty important stuff, and the dangers of not understanding it are serious. Our question: Do IT staffs -- especially in smaller organizations -- really know what's going on?