Cisco warns its WLAN security can be cracked
Cisco posted a security bulletin on its website on 7 August about the vulnerability of its Lightweight Extensible Authentication Protocol (Leap) to dictionary attacks, according to Ron Seide, product line manager in the company's wireless business unit.
In that bulletin, Cisco acknowledged the flaw and said, "As with most password-based authentication algorithms, Cisco Leap is vulnerable to dictionary attacks. Creating a strong password policy is the most effective way to mitigate against dictionary attacks. This includes using strong passwords and periodically expiring passwords."
Seide said Cisco believed that Leap can be made "relatively" secure with strong password policies, which can mitigate against dictionary attacks.
He added that the company also has an upgrade path to help customers migrate from Leap to its stronger Protected Extensible Authentication Protocol (PEAP) which uses one-time passwords and digital certificates. He also said Cisco has used its field sales force to tell customers about the potential problem since the security bulletin was posted.
[ Read more ]
- Review: 802.11 Security (3 October 2003)
- Review: Installing, Troubleshooting, and Repairing Wireless Networks (5 September 2003)
- Review: Building Secure Wireless Networks with 802.11 (28 August 2003)
- Review: How Secure is Your Wireless Network? Safeguarding Your Wi-Fi LAN (22 August 2003)
- Article: Lack of Security at Wireless Conferences (6 August 2003)
- Review: WiFi Security (9 July 2003)
- Review: Wireless Security End to End (4 June 2003)
- Review: The Complete Wireless Internet and Mobile Business Programming Training Course (28 May 2003)
- Review: Deploying License-Free Wireless Wide-Area Networks (14 May 2003)
- Article: Positive Identification in a Wireless World (6 May 2003)
- Article: Warchalking and Other Wireless Worries (3 April 2003)
- Article: How to Make Wireless Networks Secure (26 March 2003)
- Article: Interview with Cyrus Peikari, CEO of AirScanner Mobile Security (24 February 2003)
- Review: Maximum Wireless Security (17 February 2003)
- Article: Detecting Wireless LAN MAC Address Spoofing (22 January 2003)
- Article: Avoid Wireless LAN Security Pitfalls (17 January 2003)
- Article: Interview with Jay Chaudhry, CEO of AirDefense (7 January 2003)
- Review: Wireless Security and Privacy: Best Practices and Design Techniques (17 December 2002)
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.