Cisco releases WLAN security protocol
- 14 April, 2004 08:34
Cisco Systems announced the availability of a protocol that's designed to defeat brute-force dictionary attacks that capture users' passwords in its wireless LAN products. The company urged end users and systems administrators to download the related patch from its Web site.
Joshua Wright, a systems engineer and deputy director of training at the SANS Institute in Bethesda, Md., developed an automated dictionary-attack tool last year, while working at Johnson & Wales University in Providence, R.I., that could be used against Cisco's Lightweight Extensible Authentication Protocol, known as LEAP. Wright released the attack tool last week, according to Cisco. A dictionary attack is a method in which an attacker runs millions of passwords against a database until a match is eventually found.
Chris Bolinger, manager of wireless LAN product marketing at Cisco, said the company's new protocol defeats dictionary attacks by sending credentials through an encrypted tunnel. The patch is relatively easy to install, Bolinger said, and it updates wireless LAN client software on a notebook or laptop computer.
Cisco announced the availability of the protocol, called the Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), and made it available to the Internet Engineering Task Force in February.
Bolinger said he expects other wireless LAN vendors to incorporate EAP-FAST into their security offerings.
Wright said that while he believes EAP-FAST is a better authentication solution than Cisco's proprietary LEAP, "I am not yet convinced it is completely secure." He recommended that users migrate to the Protected Extensible Authentication Protocol, which is also available from Cisco, instead of experimenting with EAP-FAST, since PEAP is a more established protocol.
Wright said the source code and a Windows executable for his dictionary attack tool are available at http://asleap.sourceforge.net.