nanog mailing list archives

Re: LEAP Security Vulnerabilities??


From: "Stephen Sprunk" <ssprunk () cisco com>
Date: Thu, 13 Jun 2002 14:34:29 -0500


Thus spake "Hyska, Jason [JJCUS]" <JHyska1 () CORUS JNJ com>
> I am well aware of the many security vulnerabilities that exist
> on wireless networks as well as the inadequacies of WEP.

WEP's only real failure was the failure to specify keying; vendors (and users)
with less security experience interpreted this to mean static keys were
sufficient.

The choice of RC4 was unfortunate given the above problem, but the coming switch
to AES should fix that.

> I was curious if anyone has had any experiences with Cisco's
> LEAP authentication protocol?  I have scoured the net for
> reviews or documents examining any potential vulnerabilities,
> but have not been able to find any.  Any and all help or
> information would be appreciated.

LEAP itself is unlikely to present problems, as it's just a means to verify
802.1x credentials and force key rotation.  I'd be much more wary of potential
problems in 802.1x itself, since that's the over-the-air portion.

S

