This week we learned that after considerable effort a vulnerability has been uncovered within the popular and previously most secure method of wireless encryption – WPA2. In classic form, the researcher will demonstrate at Defcon 18. You may find additional (repetitive) writings here and here.
To recap WPA2 has been the recommended standard for many public industry best practice guidances, and has been the classic default in most wireless deployments. However, this is not a “serious problem“…
Deploying wireless has been proven to be insecure since its inception, and as such best practices consistently advise that these wireless networks be deployed “as if they they were public connection”, and therefore are secured accordingly. Specifically wireless networks are advised to be deployed on a network connection external to your corporate data network. In this architecture the user may gain access to the public internet (with advisable filtering and automated trigger monitoring to prevent a slew of spam generation), and simply leverages their already familiar VPN connectivity software. This provides a secure tunnel for all data transmissions and eliminates the past, present, and upcoming wireless encryption vulnerabilities.
The PCI DSS standard in fact requires compensating controls if an organization chooses to deploy wireless to enhance the existing security state where wireless is required.
Wireless is a great business enabler, but should be architected, secured, and monitored in a manner that reflects the inherent trust aspects raised with the implementation.
A nice writeup, as always, can be found at Darknet.