What are your predictions for the future when it comes to wireless security? There has been a lot of talk about the insecurities of the Wi-Fi Protected Access (WPA) security standard.
I have a lot of confidence in WPA. There has been press recently about a potential dictionary attack under some conditions. In essence this says that if you choose a bad password (or key) to protect your system you may be vulnerable to dictionary attack. So what's new? The same applied to security systems the world over. If you choose a password like "Redskins" then a dictionary attack is bound to find your password. You can foil dictionary attacks by limiting the number of tries an attacker can make but at the end of the day the solution is pick good passwords! I'm not aware that there is any unexpected security weakness in WPA and is has been reviewed by the world's best. I think the issue has been sensationalized.
The future? Well I think we need to work towards a generic security model across all network systems. The problem up to now is the security has been developed in islands. This is partly due to the separation of the IETF and IEEE organizations. There is a big feeling with everyone that all the standards need to hang together as a whole to ensure effective and security deployment.
What are your future plans? Any exciting new projects?
Keep an eye on the work of task group 'e' - quality of service. It's a long time coming but could do some interesting things. My company consults on a range of IEEE802.11 related areas - check out intalk2k.com.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.