Cisco releases WLAN security protocol

Cisco announced the availability of a protocol that’s designed to defeat brute-force dictionary attacks that capture users’ passwords in its wireless LAN products. The company urged end users and systems administrators to download the related patch from its Web site.

Joshua Wright, a systems engineer and deputy director of training at the SANS Institute in Bethesda, Md., developed an automated dictionary-attack tool last year that could be used against Cisco’s Lightweight Extensible Authentication Protocol, known as LEAP while working at Johnson & Wales University in Providence, R.I. Wright released the attack tool last week, according to Cisco. A dictionary attack is a method in which an attacker runs millions of passwords against a database until a match is eventually found.

Chris Bolinger, manager of wireless LAN product marketing at Cisco, said the company’s new protocol defeats dictionary attacks by sending credentials through an encrypted tunnel. The patch is relatively easy to install, Bolinger said, and it updates wireless LAN client software on a notebook or laptop computer.

Cisco proposed a new protocol, called the Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), and made it available to the Internet Engineering Task Force in February.

Bolinger said he expects other wireless LAN vendors to incorporate EAP-FAST into their security offerings.

Wright said that while he believes EAP-FAST is a better authentication solution than Cisco’s proprietary LEAP, “I am not yet convinced it is completely secure.” He recommended that users migrate to the Protected Extensible Authentication Protocol, which is also available from Cisco, instead of experimenting with EAP-FAST, since PEAP is a more established protocol.

Wright said the source code and a Windows executable for his dictionary attack tool are available at http://asleap.sourceforge.net.