Wi-Fi eyes better wireless LAN security

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2002/1030wifisec.html

By Stephen Lawson
IDG News Service, 10/30/02

The Wireless Ethernet Compatibility Alliance, which certifies IEEE
802.11 wireless LAN products with the Wi-Fi label, on Thursday will
announce a new set of mechanisms to combat the security problem that
has plagued wireless LANs.

A WECA official did not provide details of the mechanisms but said
they are intended to replace the current security system based on
Wireless Encryption Protocol (WEP).

WEP, which is built in to products that use the IEEE 802.11b and
802.11a standards, is easy for intruders to break into, according to
many analysts and other observers. A task group within the working
group that administers 802.11 in the IEEE is developing a new security
specification that would require equipment to support several
different strong algorithms for encrypting traffic. That work is not
done yet, and products using it are not expected until the second half
of next year.

WECA has taken a "snapshot" of part of the security task group's work
to get better security to the market sooner, said Al Petrick, vice
chairman of the IEEE 802.11 working group, in a speech last month.

Security concerns have hindered the acceptance of wireless LANs,
especially in corporations, overshadowing the potential benefits of
letting employees stay connected to a network while moving around a
building or campus, according to some analysts.

With WEP, the keys used to encrypt data passing over the network can
be cracked just by examining a brief sample of packets, according to
Peter Shipley, a security consultant in Berkeley, Calif.

Some vendors, such as Cisco, sell corporate 802.11 systems equipped
with other methods of security on top of WEP. However, most
consumer-oriented wireless LAN equipment offers only WEP.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.