How Microsoft makes its own WLAN secure
Microsoft was one of the first large corporations to enable its entire corporate LAN over wireless, starting in 1999 with a rash promise by Bill Gates at Comdex. Three years later, says security chief John Biccum, they have something which is actually quite secure - more secure than the wired LAN. He told delegates at IT Forum how he did it.
John Biccum has been "the most unpopular man on campus" at Microsoft. "I didn't want to be the guy who told Bill Gates that it couldn't be done," he explained, "when he said that Microsoft would have the world's largest wireless network within a year." And so he was the man who had to make it work.
That involved making it not work, too - much to the rage of people who wanted to use the wireless network. John was the man who "switched off" 20,000 Pocket PC users by introducing security to his WLAN. Why?
"There was an executive call to action with Bill's speech," said Biccum at the Forum in Copenhagen today, "but there was also the issue of productivity. Microsoft employees are very mobile, and I'm pretty typical in having an office where I'm rarely to be found. So we had to have a network; but when we first put it up, it was very, very insecure."
The problem was the static WEP key that had been adopted. Every access point and every client wireless adapter had the same static WEP key burned into it. It provided some security and, at the time, WEP attack methods were a vision, not a reality. But the problem with a single secret key is that it was a secret. "And as BlackBeard said - any two people can keep a secret, if one is dead. Having 50,000 network cards with the same 'secret' burned into them? It was only a matter of time before it was posted on the Internet - and for some weeks, part of my job was looking on the Internet to see if it was posted."
And the idea of switching it was just a dream. "Reality is that if you have 3,500 access points, you can't just say 'On Monday we will switch keys!'"