Senior Editor

Cisco strengthens WLAN security

Feb 16, 2004

Cisco last week submitted a protocol to the IETF that could serve as an alternative to the proprietary scheme that the company promotes for securing wireless LANs.

The protocol, which Cisco is submitting for consideration as an Internet standard, addresses a security weakness in Cisco’s Lightweight Extensible Authentication Protocol (LEAP). The protocol, which creates an encrypted connection without the use of complex security mechanisms, is scheduled to be released next month in software upgrades for Cisco’s WLAN adapter cards and its Secure Access Control Server product.

The protocol is called Extensible Authentication Protocol Flexible Authentication via Secure Tunneling (EAP FAST). All EAP types, as they’re known, are designed to work as part of the IEEE 802.1x authentication framework, which is finding its initial adoption in WLANs.

Cisco still recommends LEAP for wireless networks that don’t need higher levels of security.

Last summer, Cisco acknowledged that an attacker could break into LEAP with a dictionary attack, which uses a protocol sniffer to capture part of a LEAP authentication session and then tries to guess the session password with a database of commonly used and easily remembered character sets.

At first, Cisco recommended that customers either use hard-to-guess passwords or use another authentication type, such as Protected EAP (PEAP). Jointly developed by Cisco, Microsoft and RSA Security, PEAP sets up an encrypted connection or tunnel, where every bit of data is scrambled. But these other EAP types require the use of a complex digital certificate infrastructure to set up a secure tunnel between two ends of a network connection.

With EAP FAST, Cisco has drafted a mechanism that looks and behaves like LEAP, but creates a PEAP-like tunnel without the use of certificates, says Chris Bolinger, manager of product marketing for Cisco’s wireless networking business unit. Instead, the new protocol makes use of what Cisco calls a “credential,” which is automatically downloaded to the client from a trusted network source.

EAP FAST also is being included in the Cisco Compatibility Extensions 3.0 specification, which Cisco makes available to hardware vendors. These vendors use the spec to write drivers to talk to features in Cisco’s IOS software. The new protocol is expected to appear in these products by fall, Bolinger says.
