Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Security vendor demonstrates insider attack on VMware ESX
RIM Buys Documents To Go, It Should Have Been Microsoft
Smartphone support challenges enterprise IT teams
Symantec, Trend Micro rivalry heats up over antivirus tests, new products
IT asset tracking system combines RFID, infrared for rack-level identification
Symantec: Most hacking victims blame themselves
Lawsuit shows HP sees Hurd as primal threat
Dell to make a play for Brocade?
Larry Ellison's pay package worth $70 million, down 17% from '09
Red Bend buys VirtualLogix for mobile virtualization
Cisco, Citrix team on desktop virtualization package
Oracle hires Hurd: Who's sorry now?
VMware's plan for the Apple iPad still taking shape
Oracle stock rises 5% on news of Hurd hire
Microsoft investigates two-year-old IE bug
Security /

Wireless LAN security fix proposed

Related linksToday's breaking news
Send to a friendFeedback

By Peter Sayer
IDG News Service, 12/17/01

Network managers worried about the security of their wireless LANs may soon be able to sleep a little easier. The standards committee responsible for the broken wireless LAN encryption algorithm, Wired Equivalent Protocol, has approved a fix to the system which can be applied to existing equipment, according to RSA Security and Hifn, two of the companies on the committee.

The fix for the WEP encryption standard uses a technique called fast-packet keying to rapidly generate unique encryption keys for each data packet transmitted. The fix has been approved by a committee of the IEEE responsible for WEP and a clutch of other wireless LAN standards, RSA Security and Hifn said Monday.

Equipment vendors can distribute the fix as a software or firmware patch, allowing users to update existing vulnerable devices, according to RSA Security and Hifn.

Traffic on wireless LANs can be overheard by anyone with an appropriate radio receiver, so the WEP standard was adopted by the IEEE 802.11 standards committee as a way of encrypting this traffic to make it as secure from eavesdroppers as traffic on wired LANs.

However, flaws in the encryption algorithm meant that it was relatively simple to guess the keys with which successive packets of data were encrypted on WEP wireless LANs, because the keys were too closely related to one another.

Current implementations of the WEP standard use RSA Security's RC4 algorithm for encryption.

RSA Security defended its encryption algorithm, saying the successful attacks against WEP were not a result of any weakness in RC4, but rather in how WEP created encryption keys for each data packet based on a secret code known only to the base station and the remote terminal in the wireless LAN. The keys for different packets were too similar, RSA said, meaning that hackers could exploit the similarity to deduce the secret code, and with it, the content of all network traffic.

The fast packet keying method can be used to reduce the similarity between keys used to encrypt successive data packets, making it harder for hackers to guess the secret code known to the network terminals, RSA Security said.

The IDG News Service is a Network World affiliate.

Related Links

 
NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.