Cisco last week submitted a protocol to the IETF that could serve as an alternative to the proprietary scheme that the company promotes for securing wireless LANs.

The protocol, which Cisco is submitting for consideration as an Internet standard, addresses a security weakness in Cisco's Lightweight Extensible Authentication Protocol (LEAP). The protocol, which creates an encrypted connection without the use of complex security mechanisms, is scheduled to be released next month in software upgrades for Cisco's WLAN adapter cards and its Secure Access Control Server product.

The protocol is called Extensible Authentication Protocol Flexible Authentication via Secure Tunneling (EAP FAST). All EAP types, as they're known, are designed to work as part of the IEEE 802.1x authentication framework, which is finding its initial adoption in WLANs.

Cisco still recommends LEAP for wireless networks that don't need higher levels of security.

Last summer, Cisco acknowledged that an attacker could break into LEAP with a dictionary attack, which uses a protocol sniffer to capture part of a LEAP authentication session and then tries to guess the session password with a database of commonly used and easily remembered character sets.

At first, Cisco recommended that customers either use hard-to-guess passwords or use another authentication type, such as Protected EAP (PEAP). Jointly developed by Cisco, Microsoft and RSA Security, PEAP sets up an encrypted connection or tunnel, where every bit of data is scrambled.
But these other EAP types require the use of a complex digital certificate infrastructure to set up a secure tunnel between two ends of a network connection.

With EAP FAST, Cisco has drafted a mechanism that looks and behaves like LEAP, but creates a PEAP-like tunnel without the use of certificates, says Chris Bolinger, manager of product marketing for Cisco's wireless networking business unit. Instead, the new protocol makes use of what Cisco calls a "credential," which is automatically downloaded to the client from a trusted network source.

EAP FAST also is being included in the Cisco Compatibility Extensions 3.0 specification, which Cisco makes available to hardware vendors. These vendors use the spec to write drivers to talk to features in Cisco's IOS software. The new protocol is expected to appear in these products by fall, Bolinger says.