Napera

Unlike Ethernet, wireless networks don’t stop at your front door. With open source tools like Kismet and penetration testing CD’s like Backtrack, it’s easier than ever to find and compromise Wi-Fi networks. When we designed the Napera N24, wireless security was a frequent area of concern for customers, and it continues to be a key driver for network access control deployments.

In the spirit of holiday list making, here are five guidelines based on our experience in the field to help IT managers tighten wireless security in 2009.

Read the full article…

John Pescatore and John Girard over at Gartner just published a note titled “Consider Shift to WPA2 to Address New Wireless Security Threat”. This is directly related to the attack against WPA networks using the TKIP encryption method that I outlined earlier this week, and recommends moving to WPA2 to avoid the TKIP issue. It’s great advice, and mirrors our findings in our survey of 200 small and medium enterprises where about 50% were still using shared WEP or WPA passwords and 6% were using no encryption at all.
Read the full article…

It’s been a tough couple of months for Wi-Fi security. Last month I blogged about a new Russian brute force password attack against WPA Pre-shared key mode (WPA-PSK, also known as personal mode). Last week German graduate students Erik Tews and Martin Beck upped the ante when they revealed a new attack against the Temporal Key Integrity Protocol (TKIP) encryption in the original flavor of WPA that weakens the security around certain types of traffic, especially short packets. Glenn Fleishman at Ars Technica has written a great overview that outlines how Tews and Beck leveraged weaknesses stemming from the original WEP design and the 802.11 QoS implementation to attack TKIP.
Read the full article…

Wi-Fi security has been a challenge since the technology first came on the market. In 2001 the WEP protocol was shown to be fatally flawed, and was replaced by WPA in 2003. In 2004 the 802.11i standard for WPA2 became available and WEP was officially laid to rest.

With revelations this week of a Russian firm selling a GPU accelerated key cracker for WPA Pre-shared key mode (WPA-PSK, also known as personal mode) Wi-Fi security is in the headlines again. Brute force cracking is not new, but the speed of this attack checking hundreds of millions of passwords per second combined with the typical simplicity of shared WPA-PSK passwords supports the argument that WPA-PSK is  insufficient to protect commercial wireless networks.
Read the full article…