Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Wireless/Mobile /

Wireless LAN holes exposed

Today's breaking news
Send to a friendFeedback

By John Cox
Network World, 02/12/01

Wireless LAN security holes identified in a new report by computer scientists are real but not easily exploited, according to product vendors.

University of California researchers report that several weaknesses in the Wired Equivalent Privacy (WEP) encryption algorithm leave 802.11 wireless LANs vulnerable to several kinds of sophisticated decryption attacks. The flaws let a laptop user with a wireless PC LAN card eavesdrop on transmissions and decipher key parts of LAN packets using statistical analysis. The same weaknesses can then be used to create malicious packets and send them over the LAN.

The report is available here.

But vendors and users say the WEP weaknesses are well-known and that the IEEE 802.11 group is drafting an improved version of WEP. In any case, they say there are products available that can provide layers of protection.

Cisco last month released its Aironet 350 series wireless LAN products with a new security framework that also eliminates WEP, changes the encryption keys with each session and authenticates users based on the Remote Access Dial-In User Service protocol.

"The report exaggerated the degree of risk," says John Drewry, a business development executive at 3Com, which also has released technology to protect against wireless LAN attacks. "These are very sophisticated attacks and they are not easy to systematize and then redistribute by posting them on Web sites."

There are changes a company can make to its wireless LAN and net security system (such as periodically changing the cryptographic keys) that would force attackers to begin their break-in all over again.

The researchers acknowledge the difficulty in decoding 2.4-GHz digital signals and that reverse-engineering the firmware in 802.11 LAN cards takes a "significant time investment."

But, they write, "our analysis suggests that all of these attacks are practical to mount using only inexpensive off-the-shelf equipment."

RELATED LINKS

Contact Senior Editor John Cox

Other recent articles by Cox


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.