A Word on Mac Address Filtering

Previous page
Table of content
Next page

Looking Ahead: Wi-Fi Protected Access (WPA)

Late in the process of writing this book the Wi-Fi Alliance (formerly known as WECA, the Wireless Ethernet Compatibility Alliance) released a new extension to their Wi-Fi compatibility suite. Wi-Fi Protected Access (WPA) was developed to address the dual security issues of encryption and authentication. Solutions to both problems are out there in bits and pieces as proprietary technologies, and the IEEE continues to grind ahead with its 802.11i task group, but the Wi-Fi Alliance wanted to get something on the street as quickly as possible to stanch the flow of bad press Wi-Fi has been getting about security. WPA was the result.

WPA is a firmware solution. It was designed to be compatible with existing Wi-Fi compliant hardware, so that a Wi-Fi access point or client could be updated to WPA with nothing more than a firmware upgrade. WPA was crafted to be as compatible with both the existing Wi-Fi standard and 802.11i as possible, and once the 802.11i standard is released, it may be possible to upgrade from WPA to 802.11i via firmware. (We don't really know yet.)

WPA does two things. One is of interest to all Wi-Fi users, big and small. The other is of interest primarily to large corporate users with the resources to mount server-based security solutions.

  • The Temporal Key Integrity Protocol (TKIP) seals the RC4 (weak IV and duplicate IV) flaw in WEP. Keys will be changed and redistributed automatically on a scheduled basis, frequently enough so that key analysis will not be sufficient to reverse-engineer an encryption key. All of this will happen 'inside the box' and won't require any additional expertise on the part of the user, except to the extent that the user must upgrade the firmware of pre-WPA Wi-Fi gear.

  • For enterprise-class organizations with server expertise, WPA will incorporate support for the Extensible Authentication Protocol (EAP) and RADIUS authentication servers. All this will be implemented as part of an 802.1X framework, as I described in the previous section.

A long list of industry vendors were behind WPA at its announcement, including chip makers, firmware houses, and hardware manufacturers. The Wi-Fi Alliance will be adding WPA to the Wi-Fi compatibility suite by mid-2003, so that all gear that carries the Wi-Fi logo will be WPA-ready, right out of the box.

Obviously, I haven't yet tested WPA, nor have the world's cypherpunks and other crypto freaks turned their devilish minds to the question of how secure it really is. Remember, we thought that WEP was airtight when the 802.11 standard was released. There could be holes in WPA as well. However, that being said, I'm pretty sure that whatever holes may appear will not be nearly as broad nor as deep. We may have learned our lesson this time.

If all goes according to plan, WPA firmware upgrades will begin to appear not long after this book hits the streets. Keep your eyes open, and when the upgrades are made available, download and install them. I hope to have more to say about the process on my Web site.


Previous page
Table of content
Next page
Jeff Duntemann's Drive-By Wi-Fi Guide
Jeff Duntemanns Drive-By Wi-Fi Guide
ISBN: 1932111743
EAN: 2147483647
Year: 2005
Pages: 181
Authors: Jeff Duntemann
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
InDesign Type: Professional Typography with Adobe InDesign CS2
Junos Cookbook (Cookbooks (OReilly))
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy