Cisco will implement the draft security standard, called 802.1x, on its Cisco Aironet 350 series of 802.11b-compliant WLAN (wireless local area networking) products, the company said in a statement Monday. Microsoft, Cisco, and a group of other companies have teamed up on what Cisco is calling the first enterprise authentication and security architecture based on the draft 802.1x and EAP (Extensible Authentication Protocol) standard, published by the Institute of Electrical and Electronics Engineers (IEEE).
The new standard is meant to address security holes raised by the popular 802.11b, or Wi-Fi, wireless network standard. Researchers at the University of California, Berkeley, recently identified weaknesses that could potentially make Wi-Fi networks vulnerable to hackers. In the research paper released in February, university researchers concluded that the protocol used to access corporate networks has "major security flaws" and is vulnerable to hackers using easy-to-obtain equipment. The protocol is referred to as the Wired Equivalent Privacy (WEP) protocol and is used in the IEEE 802.11 international standard for wireless LAN (local area network) communications.
The protocol is vulnerable to attacks that decrypt traffic, according to the members of the Internet Security Applications, Authentication and Cryptography (ISAAC) group in the university's Computer Science Division. Researchers were able to intercept and modify transmissions and access restricted networks. The ISAAC research can be viewed at http://www.isaac.cs.berkeley.edu/.
According to a Cisco white paper, the company was aware of the security flaws in the WEP protocol before it developed its Aironet architecture. In the white paper, Cisco agreed with the Berkeley researchers that WEP has inherent weaknesses and that those weaknesses exist regardless of the length of the encryption key used.
In general, the extent of the vulnerability depends on whether static or dynamic WEP is used, according to Cisco. The Cisco Aironet wireless security adds to 802.11b WEP by creating a per-user, per-session, dynamic WEP key tied to the network logon, Cisco said. This addresses the limitations of static WEP keys while providing a deployment that is easy to use for administrators, Cisco said.
For more specifics on the security augmentations made by Cisco, go to http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1281_pp.htm/.