802.11w fills wireless security holes - Network World

Task group looking to extend protection beyond data to management frames.
By Joe Epstein, Network World, 04/03/2006

IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network.

Traditionally, management frames did not contain sensitive information and did not need protection. But with new fast handoff, radio resource measurement, discovery and wireless network management schemes (provided in the upcoming 802.11r, 802.11k and 802.11v drafts), new and highly sensitive information about wireless networks is being exchanged in these non-secure frames.

802.11w proposes to extend 802.11i to cover these important frames. IEEE started work on this proposal early in 2005, and an official draft is expected to be ratified in the first half of 2008. 802.11w will require changes to the firmware of clients and access points. It should not require hardware changes, however, and thus might be available as a software-only upgrade to many types of hardware.

Three types of protection

802.11w provides protection in three categories. The first is for unicast management frames, or frames between one access point and one client. By reporting network topology and modifying client behavior, unprotected unicast management frames provide a powerful arsenal to an attacker, who can discover the layout of the network, pinpoint the location of devices and mount far more successful denial-of-service (DoS) attacks against a network.

802.11w tackles this problem by extending the existing notion of data encryption algorithms to the unicast management frames, using the existing Temporal Key Integrity Protocol or Advanced Encryption Standard-based algorithms. This protects against forgeries and provides confidentiality.

The second method is for generic broadcast management frames. These frames are less common and typically are used to adjust radio frequency properties or start measurements, rather than report sensitive information. Thus, 802.11w proposes to protect only against forgeries, and not provide confidentiality. The simplest proposal relies on a message integrity code, which is appended to the non-secure management frame. An access point shares a key with every securely associated client. All devices - including eavesdroppers - can see the message, but the key prevents devices outside the network from forging messages. However, authenticated clients can still pretend to be the access point in this scheme.
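
The broadcast scheme described above, as an added sketch that is not from the article or the 802.11w draft: a message integrity code is appended to a cleartext management frame and checked with a key shared by every associated device. HMAC-SHA-256 truncated to 8 bytes stands in for the draft's integrity algorithm, and the frame contents, key values and function names are constructed for illustration.

```python
import hashlib
import hmac

MIC_LEN = 8  # assumed truncation length for this sketch

def protect(group_key: bytes, frame: bytes) -> bytes:
    """Append a MIC to the frame; the frame body itself stays in cleartext."""
    mic = hmac.new(group_key, frame, hashlib.sha256).digest()[:MIC_LEN]
    return frame + mic

def verify(group_key: bytes, protected: bytes) -> bool:
    """Recompute the MIC over the body and compare in constant time."""
    if len(protected) <= MIC_LEN:
        return False
    frame, mic = protected[:-MIC_LEN], protected[-MIC_LEN:]
    expected = hmac.new(group_key, frame, hashlib.sha256).digest()[:MIC_LEN]
    return hmac.compare_digest(mic, expected)

def demo() -> dict:
    group_key = bytes(range(16))   # constructed key held by the AP and all clients
    outside_key = b"\xff" * 16     # constructed key of a device outside the network
    body = b"BCAST-MGMT|action=start-measurement|channel=6"  # constructed frame

    from_ap = protect(group_key, body)
    # Body altered in transit while the original MIC is kept.
    altered = from_ap.replace(b"channel=6", b"channel=1")
    # Frame built without knowledge of the group key.
    from_outside = protect(outside_key, body)
    # Frame built by an associated client, which holds the same group key.
    from_client = protect(group_key, b"BCAST-MGMT|action=stop-measurement")

    return {
        "genuine_accepted": verify(group_key, from_ap),
        "body_readable_by_anyone": body in from_ap,       # no confidentiality
        "altered_accepted": verify(group_key, altered),
        "outsider_accepted": verify(group_key, from_outside),
        # The MIC proves key possession, not that the sender is the AP.
        "associated_client_accepted": verify(group_key, from_client),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because verification depends only on possession of the shared key, a receiver cannot tell the access point from any other key holder, which is the limitation the paragraph closes on.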
