RSA Security Enhances Security for Wireless LAN Environments

Organizations now able to protect access to their wireless LANs with market-leading RSA SecurID® two-factor authentication software

Bedford, MA, Monday, December 16, 2002 — RSA Security Inc. (Nasdaq: RSAS), the most trusted name in e-security®, today announced the availability of new functionality for the industry-leading RSA SecurID® two-factor authentication solution that enables enhanced protection in wireless local area network (WLAN) environments. Without the proper security measures in place, wireless connectivity will continue to be a major risk until more robust authentication protocols are adopted. Now, by securing WLANs with the proven solution for two-factor user authentication, organizations can realize the full benefits of WLANs – including cost reduction and productivity enhancement – while reducing the risk of exposing mission-critical data and resources to unauthorized access.

WLAN is viewed as a critical business tool for many organizations because the technology represents an ideal way to link users – of PCs, laptops, PDAs and other mobile devices – to the Internet and internal networks without hard-wired connections. However, with the enhanced mobility of wireless networks also comes serious security threats, because any confidential data that is flowing over these networks – including financial transactions, credit card numbers and proprietary company information – can be easily exposed or compromised if not properly secured. User authentication in a WLAN environment is typically done through the use of weak, static passwords that are particularly vulnerable to hacking. This prevents organizations from using their WLANs for critical business purposes, limiting their effectiveness. With the RSA SecurID solution, organizations can now replace weak passwords with strong, two-factor user authentication, protecting their WLANs environments for more strategic or sensitive applications.

RSA Security has been actively working with leading vendors – such as Funk Software (Odyssey and Steel-Belted Radius solutions) and Proxim (ORiNOCO solution) – who support the 802.1x standard to enable seamless integration between RSA SecurID two-factor user authentication and their WLAN solutions. This advancement allows their respective customers to take advantage of the functionality provided by RSA SecurID software to protect data, resources and business applications. Through the RSA Secured® Partner Program, RSA Security has worked with these vendors to test and certify their WLAN solutions, ensuring interoperability with RSA SecurID two-factor authentication. To ensure customer success, implementation guides are available to provide step-by-step instructions on deploying and configuring these popular WLAN solutions with RSA SecurID software.

The IEEE 802.1x standard was proposed to solve authentication challenges in wireless LANs. While 802.1x currently provides a way to move beyond the shared secret approach, the standard does not address the serious problems resulting from a lack of access point and end user authentication – leading to the well publicized “man-in-the-middle” and session hijacking attacks. Written by Cisco, Microsoft and RSA Security and approved by the IETF standards board, the new protocol called the Protected Extensible Authentication Protocol (PEAP) standard addresses both of these concerns. It is designed to easily plug into products based on 802.1x to provide both strong user authentication and access point authentication. RSA Security is partnering with many of the key WLAN vendors to enable them to use this protocol, as well as other protocols such as EAP-TTLS, in a way that interoperates with RSA Security’s technologies and products, including RSA SecurID two-factor authentication.

RSA SecurID two-factor authentication is designed to provide a fast, simple and highly reliable way to verify a user’s identity before granting access to a protected resource. Traditionally used to protect access to networks, Web pages, VPNs, and business applications in a wired environment, RSA SecurID functionality has now been extended to protect access to WLANs. With more than 13 million devices deployed, the RSA SecurID solution is the de facto standard in two-factor authentication. The solution uses patented, time-synchronous technology to provide two-factor user authentication by combining a token or smart card with a secret PIN. RSA Security offers its authenticators in multiple form factors including three hardware styles, software versions that run on PCs, PDAs and mobile phones, and various smart card options.

“Strong security is always the starting point for any wireless business environment, and by securing wireless LAN environments with RSA SecurID user authentication software leveraging new protocols like PEAP, wireless LAN vendors will be able to provide the products that allow businesses to extend a higher level of trust to their wireless business processes without inconveniencing corporate users or IT staff,” said Bill McQuaide, senior vice president of the Authentication division at RSA Security. “RSA Security and its strategic partners are committed to developing these secure technologies and implementing strong user authentication within WLAN infrastructures – a critical requirement for driving profitability and ensuring trust in today’s economy.”

About RSA Security Inc.
With more than 9,000 customers around the globe, RSA Security (NASDAQ: RSAS) is recognized as a strategic e-security partner to the largest and most successful companies leveraging the Internet to grow their business and improve the bottom line. RSA Security’s comprehensive portfolio of e-security solutions – including authentication, Web access management and developer toolkits – helps organizations fully realize revenue opportunities while helping protect critical information against unauthorized access and other forms of malicious intent. RSA Security’s strong reputation is built on its history of innovation and leadership, award-winning solutions and long-standing relationships with more than 1,000 technology partners. For more information on RSA Security, please visit www.rsasecurity.com.

RSA, SecurID, RSA Secured and The Most Trusted Name in e-Security are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies.

This press release contains forward-looking statements relating to the anticipated success of enhancements to RSA Security’s two-factor authentication solution, as well as forward-looking statements relating to RSA Security’s plans for future strategic partnering relationships. These statements involve a number of risks and uncertainties. Some of the important factors that could cause actual results to differ materially from those indicated by the forward-looking statements in this release are competitive pressures, changes in customer requirements, failure of the market to accept new technologies or technological changes in the computer industry, any of which could make RSA Security’s products obsolete or difficult to sell; failure to develop or maintain strategic partner relationships; general economic conditions, including the current weakness in the global economy; and the risk factors detailed from time to time in RSA Security’s periodic reports and registration statements filed with the Securities and Exchange Commission, including without limitation RSA Security’s Annual Report on Form 10-K filed on April 1, 2002 and its Quarterly Report on Form 10-Q filed on November 13, 2002.