WEP is out, WPA is in

Thursday, 14 November 2002, 4:58 PM EST

On October 31, 2002, the Wi-Fi Alliance (a nonprofit body that certifies IEEE 802.11 products) announced WPA, a security offering based on IEEE standards. WPA, which replaces WEP, works with established products and will likely appear in Wi-Fi-certified products in first quarter 2003. Most vendors will likely offer firmware and software updates for products.

The Wi-Fi Alliance has responded to security vulnerabilities in WEP, which is based on the 802.11 specification. WPA enables 802.11i-based Temporal Key Integrity Protocol (TKIP) encryption and 802.1x/Extensible Authentication Protocol (EAP) authentication before approval of the full 802.11i standard. TKIP overcomes the static key problems that made WEP vulnerable to hackers and delivers adequate levels of encryption and authentication for most enterprise requirements. It will support frequent changing of the encryption algorithm keys used in wireless LANs (WLANs). 802.1x/EAP supports mutual authentication of client and host, thus preventing potential "man in the middle" vulnerabilities where intruders masquerade as hosts and try to capture passwords.

[ Read more ]

Comment:

For all your wireless security information needs, visit the Wireless outside articles section of HNS.

Related items




Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //