Time to smarten up about security

Monday, 17 June 2002, 11:28 AM EST

Robert Moskowitz writes: "In January, I wrote about another important wireless authentication mechanism, 802.1x.). A month later, William Arbaugh and his colleagues published a whole set of attacks against 802.1x when it is used with 802.11.

The IEEE 802.1x workgroup focused its efforts on Ethernet, token ring and FDDI networks. However, the 802.1x standard clearly indicates that the intended application is principally for hub-based deployments. Only one section in the standard document covers using 802.1x in "shared-media LANs." That section warns that a secure association (EAP method) is required to avoid man-in-the-middle and denial-of-service attacks. During the development of 802.1x, some of the participants seemed to have thought, "802.11 access points could use the 802.1x protocol too." Shortly after the first papers on WEP's weaknesses were released, the 802.11 workgroup took on the task of improving 802.11's security, and 802.1x's MAC-based authentication method quickly became the cornerstone of this improvement effort. Since that move, all 802.11 efforts have been to build a complete security system using 802.1x."

[ Read more ]

Related items




Spotlight

Almost 1 in 10 Android apps are now malware

Posted on 28 July 2014.  |  Cheetah Mobile Threat Research Labs analyzed trends in mobile viruses for Q1 and Q2 of 2014. Pulling 24.4 million sample files they found that 2.2 million files had viruses. This is a 153% increase from the number of infected files in 2013.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //