From the SANS Newsbites

"
--31 October 2002 WPA is New Wireless Standard
The Wireless Fidelity Alliance has released a new standard called Wi-Fi Protected Access (WPA). The standard will replace the easily broken security presently used by many wireless networks. WPA employs dynamic key encryption in the form of the Temporal Key Integrity Protocol (TKIP); WPA also provides improved network user authentication.
http://www.usatoday.com/tech/news/computersecurity/2002-10-31-wireless-security_x.htm
http://www.pcworld.com/news/article/0,aid,106530,00.asp
http://www.computerworld.com/securitytopics/security/story/0,10801,75533,00.html
http://news.com.com/2100-1033-964046.html

[Editor's Note (Shpantzer) Who will go to the trouble of implementing this temporary 'solution' only to replace it when 802.11i comes out? Ted Ipsen, from the Information Risk Management practice at KPMG LLP, says users should skip the WPA purchase altogether. Cisco put TKIP and its own proprietary implementation of EAP (Cisco LEAP) into their hardware about a year ago, and it's still only a stopgap measure. Layer 2 security should still be considered to be broken, even after WEP2 comes out next year. Ted always asks clients: "Do you rely on your CAT5 cable and your Ethernet switches to provide you with confidentiality, integrity and availability?" Use Layers 3 through 7 and architecture to defend your resources.
(Ranum): How long will TKIP last? This is basically a layer of re-keying atop a broken cryptosystem. You can't build a castle on foundations of used chewing gum!]
"

Kevin Miller
Managed Security Services
Inflow Inc.
www.inflow.com
Work: 303-942-2934
Mobile: 303-548-1760

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
