On October 31, 2002, the Wi-Fi Alliance (a nonprofit body that certifies IEEE 802.11 products) announced WPA, a security offering based on IEEE standards. WPA, which replaces WEP, works with established products and will likely appear in Wi-Fi-certified products in first quarter 2003. Most vendors will likely offer firmware and software updates for products.

The Wi-Fi Alliance has responded to security vulnerabilities in WEP, which is based on the 802.11 specification. WPA enables 802.11i-based Temporal Key Integrity Protocol (TKIP) encryption and 802.1x/Extensible Authentication Protocol (EAP) authentication before approval of the full 802.11i standard. TKIP overcomes the static key problems that made WEP vulnerable to hackers and delivers adequate levels of encryption and authentication for most enterprise requirements. It will support frequent changing of the encryption algorithm keys used in wireless LANs (WLANs). 802.1x/EAP supports mutual authentication of client and host, thus preventing potential "man in the middle" vulnerabilities where intruders masquerade as hosts and try to capture passwords.

[ Read more ]

Comment:

For all your wireless security information needs, visit the Wireless outside articles section of HNS.

Related items

• Software: Kismet
• Software: AirSnort
• Software: Fake AP
• Software: PrismStumbler
• Software: Wellenreiter
• Article: Wireless LAN Security (5 November 2002)
• Article: Wireless Security Threats (9 October 2002)
• Software: APTools
• Article: Hacking the Invisible Network: Insecurities in 802.11x (31 July 2002)