WEP is out, WPA is in
On October 31, 2002, the Wi-Fi Alliance (a nonprofit body that certifies IEEE 802.11 products) announced WPA, a security offering based on IEEE standards. WPA, which replaces WEP, works with established products and will likely appear in Wi-Fi-certified products in first quarter 2003. Most vendors will likely offer firmware and software updates for products.
The Wi-Fi Alliance has responded to security vulnerabilities in WEP, which is based on the 802.11 specification. WPA enables 802.11i-based Temporal Key Integrity Protocol (TKIP) encryption and 802.1x/Extensible Authentication Protocol (EAP) authentication before approval of the full 802.11i standard. TKIP overcomes the static key problems that made WEP vulnerable to hackers and delivers adequate levels of encryption and authentication for most enterprise requirements. It will support frequent changing of the encryption algorithm keys used in wireless LANs (WLANs). 802.1x/EAP supports mutual authentication of client and host, thus preventing potential "man in the middle" vulnerabilities where intruders masquerade as hosts and try to capture passwords.
[ Read more ]
For all your wireless security information needs, visit the Wireless outside articles section of HNS.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.