Napera

Today Napera released the results of our online survey of 200 small and medium-sized enterprises that revealed a high level of security risk and an overall lack of confidence among IT managers. Seventy percent of those surveyed received scores on the Napera Network Test indicating medium to high risk of a network security breach, and more than half of the respondents stated they do not have confidence in the security of devices and users on their networks.

The comment we heard most from folks who took the test was that the questions made them think about network security in a new way and they had never thought about the security risks the test revealed.

Read the full article…

John Pescatore and John Girard over at Gartner just published a note titled “Consider Shift to WPA2 to Address New Wireless Security Threat”. This is directly related to the attack against WPA networks using the TKIP encryption method that I outlined earlier this week, and recommends moving to WPA2 to avoid the TKIP issue. It’s great advice, and mirrors our findings in our survey of 200 small and medium enterprises where about 50% were still using shared WEP or WPA passwords and 6% were using no encryption at all.
Read the full article…

It’s been a tough couple of months for Wi-Fi security. Last month I blogged about a new Russian brute force password attack against WPA Pre-shared key mode (WPA-PSK, also known as personal mode). Last week German graduate students Erik Tews and Martin Beck upped the ante when they revealed a new attack against the Temporal Key Integrity Protocol (TKIP) encryption in the original flavor of WPA that weakens the security around certain types of traffic, especially short packets. Glenn Fleishman at Ars Technica has written a great overview that outlines how Tews and Beck leveraged weaknesses stemming from the original WEP design and the 802.11 QoS implementation to attack TKIP.
Read the full article…

Wi-Fi security has been a challenge since the technology first came on the market. In 2001 the WEP protocol was shown to be fatally flawed, and was replaced by WPA in 2003. In 2004 the 802.11i standard for WPA2 became available and WEP was officially laid to rest.

With revelations this week of a Russian firm selling a GPU accelerated key cracker for WPA Pre-shared key mode (WPA-PSK, also known as personal mode) Wi-Fi security is in the headlines again. Brute force cracking is not new, but the speed of this attack checking hundreds of millions of passwords per second combined with the typical simplicity of shared WPA-PSK passwords supports the argument that WPA-PSK is  insufficient to protect commercial wireless networks.
Read the full article…

Last week we announced our new 1.2 release, which is available now to all customers.

An exciting new feature is integration of robust Wi-Fi authentication into the Napera product line. You can now use your new or existing 802.11 wireless access points with WPA/WPA2 Enterprise encryption, and simply point them at your Napera N24 to handle all authentication. This enables you to securely use any access point for both employees and guests, and to move away from the inferior security and shared passwords of WEP or WPA Personal encryption.
Read the full article…