Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

RSA announces fix for wireless network hole

  • From: Howell, Paul
  • Date: Mon Dec 17 21:41:26 2001

At http://www.cnn.com/2001/TECH/internet/12/17/rsa.security.reut/index.html


RSA announces fix for wireless network hole
  

SAN FRANCISCO, California (Reuters) -- RSA Security Inc. Monday will
announce new technology designed to improve the security of wireless
networks used within buildings and protect them from so-called "drive-by
hacks." 

Bedford, Massachusetts-based RSA and Hifn of Los Gatos, California, have
developed a technology patch for the Wireless Equivalent Privacy (WEP)
protocol designed to encrypt communications transferred over standard 802.11
wireless networks. 

Such networks are growing increasingly common within corporations,
warehouses and government offices for laptops and handheld devices where
users need mobility. 

"If you are running a wireless LAN (local area network), if someone was
sitting in the parking lot with the correct software and a (wireless
network) scanner they could pick up information flowing over the network,"
said Mike Vergara, director of product marketing at RSA. "They could read
all the traffic." 

The current WEP implementation is flawed in that it uses encryption "keys"
or codes for hiding data that are too similar to each other, making it
relatively easy for someone to figure out the keys, Vergara said. 

There are tools, such as AirSnort, which surreptitiously grab data moving
across wireless networks and analyze it to decode the encryption, he said. 

Fast packet keying
The new technology, called Fast Packet Keying, "enables you to encrypt each
packet of data with a different key," Vergara said. 

The technology has been approved by the Institute of Electrical and
Electronics Engineers (IEEE) standards body as an addendum, or patch, to the
802.11 standard, he said. 

Device makers are upgrading their software, according to Vergara, but he
didn't know when the patches would make it into devices out in the market. 

The patch only addresses the known security vulnerability and does not
address any new holes that might crop up, Vergara conceded. 

For that reason, Avi Rubin, a computer security researcher at AT&T Labs,
suggested researchers develop wireless technology using the new Advanced
Encryption Standard (AES), approved by the U.S. government. 

AES, which is exponentially more difficult to crack than its predecessor, is
expected to become the standard for securing Internet communications over
the coming years. 

Using AES would require new wireless network cards, said Rubin, who was
among the first to discover a way to crack the WEP protocol. 

"Band aid approaches may be necessary for the short term," he said. But "for
the next generation of (wireless network) cards they should throw everything
away and design something with AES." 




