WPA
WPA
Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards.
Definitions provided by Wikipedia - The Free Encyclopedia
WPA Related Industry News
Alliance to certify Wi-Fi security specs HANOVER, GERMANY -- The Wi-Fi Alliance expects to certify by May its WPA (Wi-Fi Protected Access) set of specifications in the first of several efforts to provide greater security to users of high-speed wireless networks, said Andrea Vocale, a technical expert with the alliance, speaking Monday at a news conference at the CeBIT trade show here.
WPA is a subset of the 802.11i security standard, which has yet to be approved by the IEEE ( Institute of El......
[more] Getting a grip on WLAN futures The wireless LAN world is a pretty bad offender when it comes to Alphabet Soup, what with 802.11b preceding 802.11a, and neither being the same type of thing as 802.11e*. So it was useful to hear Jan Haagh, a senior product manager in Proxim's WLAN division, talk through some of latest acronyms.
One to watch out for is WPA, or WiFi Protected Access. This will replace the original WEP wireless security standard, which turned out to be not very secure after all.......
[more] The Wireless-Security Balancing Act If you choose an EAP that doesn't gain de facto standard status, the access point will be to other EAP clients what a two-hole electrical outlet is to three-pronged plugs. Wireless LANs have been billed as the great security wasteland. But thanks to the 802.11b Wi-Fi community's frenetic activity in the last year, an abundance of good security choices now exist, with more on the way.
Wi-Fi security efforts have focused on encryption and authentication, wi......
[more] Microsoft clips Wi-Fi's wings Three minutes to connect? Just keep waiting says Redmond Microsoft has responded to complaints that Windows XP sometimes has problems connecting to Wi-Fi. Unfortunately, the response is: "Tough. Wait it out."
"This behavior is expected," says a terse article in Microsoft's Knowledge Base. "You must wait up to three minutes for the network configuration to complete."
There's no fix, no patch, no workaround. "The wireless network card driver may not respond......
[more] AirMagnet Unveils New Distributed WLAN Security and Performance Solution AirMagnet, the leader in wireless LAN (WLAN) security and performance solutions, today announced an entirely new version of its Distributed WLAN security and performance system. AirMagnet Distributed 4.0(1) includes a completely new network dashboard, advanced rogue access point (AP) blocking and tracing, extended security and performance policy management, and more than a dozen other new features that allow increasingly d......
[more] THE A to Z of wireless terms and technologies Everything you need to know about Wireless Jargon 802.11a
54Mbps wireless Ethernet operating in the 5GHz band.
802.11b
The industry standard 11Mbps wireless Ethernet operating at 2.4GHz.
802.11e
Defines quality-of-service for wireless local area networks, to support voice-over IP for example.
802.11g
Successor to 802.11b, providing up to 54Mbps over the same 2.4GHz spectrum used by 802.11b.
802.11h
A supplement to 802.11a to ensure t......
[more] Is 802.11a like Betamax? Is 802.11a the Betamax vs. VHS of wireless networking? Betamax was technically better. Why haven't companies adopted 802.11a? We don’t believe that 802.11a will prove analogous to Betamax. The 802.11a radio spec provides a number of advantages over 802.11b for businesses, which more time and usage will make obvious.
At first glance, 802.11g seems to provide a similar performance improvement to 802.11a, with 54M bit/sec as the often-quoted maximum data rate, and the a......
[more] Stronger WLAN security standard approved The IEEE 802.11i specification, the latest set of rules to bolster security on wireless LANs, has received final approval, according to a co-author of the standard.
The IEEE 802.11i subcommittee signed off on the standard Thursday, according to a statement from Trapeze Networks that was attributed to Dan Harkins, a software engineer at the Pleasanton, Calif., WLAN equipment vendor. Harkins was a co-author of several portions of the specification.......
[more] Experts predict Wi-Fi explosion
Now that 802.11i is an official IEEE standard, paving the way for more secure Wi-Fi products, industry experts predict the business community's interest in the technology will skyrocket in the next year or two.
Frank Hanzlik, managing director of the Austin-based Wi-Fi Alliance, said the next step comes in September. That's when his group will start certifying products with WPA2, an update of Wi-Fi Protected Access, which the alliance introduced last year as......
[more] Ensure security best practice when deploying new technologies Managers must balance the benefits of new technologies with the security risks they pose. Use this advice to maintain your security architecture's standards and ensure that it isn't compromised by newly integrated technologies. Topnotch companies wield cutting-edge technology to stay ahead of the pack. But with the breakneck speed at which technologies roll out, an enterprise's supposedly robust security architecture could quickly bec......
[more] Intel formally introduces tri-mode Wi-Fi chip Processor supports 802.11a, b and g As expected, Intel introduced its tri-mode wireless chip Thursday with several software enhancements to the product to help improve security and reliability, it said during a Webcast.
The Intel Pro/Wireless 2915ABG Network Connection allows laptops based on Intel's Centrino platform to connect to the three most commonly used wireless networks found in enterprises and homes. The first notebooks with the chip will b......
[more] Wi-fi nets get security makeover The security systems built into wireless networks have had an overhaul. The update uses stronger encryption and does a better job of letting only authorised users join wireless nets.
The improvements have been made to re-assure businesses that wi-fi networks can be made safe enough to be really useful and widely deployed.
However, with a lot of older, insecure wireless technology already installed, it could be a while before all networks are upgraded and mad......
[more] First Wi-Fi products get security certificate The Wi-Fi Alliance got its next certification programme off to a flying start, issuing WPA2 badges to a bunch of products that comply with the 802.11i security specification. The Alliance is readying other programmes for quality of service and the 802.11n fast Wi-Fi standard due next year.
The WPA2 certified products include generic designs from Atheros Communications and Broadcom, so customers can expect to buy products with the badges on by the en......
[more] 802.11i: The next big thing The IEEE standard called Robust Security Networking is a force to be reckoned with. As an amendment to the original 802.11 WLAN standard, 802.11i replaces the original meager 10-page WEP discussion with more than 200 pages of detailed protocol on how to lock unwanted users out of your wireless network.
Approved in July, 802.11i products have started to appear in the market. Even though we received our test equipment before the final draft of the standard was ratifi......
[more] Gaps remain in Wi-Fi security Sadly the new WPA2 security spec won't make your wireless LAN invulnerable Here's some good news - the Wi-Fi Protected Access 2 (WPA2) spec is finally with us, and the Wi-Fi Alliance has begun certifying compliant products. "Hurrah," I hear you shout, "finally we can have secure wireless networks."
Now the bad news; starting with the fact that WPA2 is not so much a standard as an interoperability stamp for wireless encryption and authentication technologies conform......
[more] Some WLANs open to dictionary attack A dictionary attack tool designed to exploit a weakness the Wi-Fi Protected Access security for wireless LANs has been published on the Web.
The software, called WPA Cracker, exploits one option that can be used in WPA, usually in consumer applications or residential WLANs: a pre-shared encryption key. This key is simpler to use and deploy than using the more complex 802.1x for authentication.
With the pre-shared key, a common shared pass phrase is set f......
[more] Wi-Fi Alliance to Promote WLAN Security The Wi-Fi alliance will use its pull in the industry to improve security measures in wireless LAN hardware over the next year.
The Austin, Texas, trade organization, which confers the right to use the Wi-Fi label on hardware, plans to increase encryption requirements for certification. But members of the security task groups within the alliance stress that the onus of WLAN security still lies with the customer.
Last fall, the group quietly made support......
[more] Why standards are important for wireless security Industry standards play a critical role in R&D, product development and marketing initiatives which in turn help organizations meet their business objectives. Standards simplify product development and reduce non-value-adding costs, thereby increasing a user's ability to compare competing products. Standards also represent fundamental building blocks for international trade and communications.
Successful businesses benefit from standards both......
[more] Microsoft finally acknowledges wi-fi security standard Year's delay - but Window XP supports WPA2 Microsoft has released native support for the IEEE 802.11i wireless security specification in Windows XP and its variants, nearly a year after the standard's ratification. The update, made available on Friday, gives Windows compatibility with WPA2 - the certification based on 802.11i - as well as a standard designed to help laptops connect to secure public hotspots.
The Wi-Fi Alliance's WPA2 is de......
[more] The Case of the Stolen Wi-Fi Whether you're unwittingly sharing your wireless LAN or poaching, be aware of the risks. Benjamin Smith III and Gregory Straszkiewicz both were arrested for allegedly stealing something no one could see, hear, or feel. That thing was valuable enough for victims to press charges in both cases. But the arrests were over something many consumers throw out their windows every day: a Wi-Fi signal.
The idea of a police car roaring down the street to catch a roving "Doom"......
[more] Your SSID Isn’t Hidden Forever A common security practice among wireless network administrators is to disable Service Set Identifier (SSID) broadcasting on wireless access points or routers. The reason is that disabling SSID broadcasting is supposed to hide and protect their wireless network. Even if an individual knows there is a wireless network at a certain location, this person must know the SSID to establish a connection with the network.
Therefore, hiding the SSID by disabling SSID broa......
[more] Security fears over London's blanket Wi-Fi Security company McAfee on Tuesday raised security concerns over the City of London's plan to install a Wi-Fi network throughout the Square Mile. The system will be constructed by The Cloud, and should give most of The City's workers always-on wireless access within six months.The Wi-Fi network will be installed in existing street furniture including lamp posts and street signs, and will "allow City workers and visitors with Wi-Fi enabled devices......
[more] 802.11w fills wireless security holes IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network. Traditionally, management frames did not contain sensitive information and......
[more] WiFi to cover London’s Square Mile London's Square Mile financial district will have near total WiFi coverage by the end of this year.The wireless network will be installed in street furniture such as lampposts and street signs. The City of London Corporation, which commissioned the network, says it will be the first of its kind in the world with full roaming capability.Traditional wireless links comprise standalone hotspots, but the City's new platform will be a mesh network that enables conti......
[more] SnapGear Awarded CRN Test Center's "Recommended" for Securing Wired and Wireless Access for SMEs Secure Computing Corporation, the experts in securing connections between people, applications and networks, today announced that Computer Reseller News (CRN) has awarded the "CRN Test Center Recommended" designation to the SnapGear SG565. The review praises the SG565 for delivering an exceptional all-in-one appliance that secures both wired and wireless access for small- and medium-sized......
[more] Researchers crack WEP WiFi security in record time The WiFi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend. Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the i......
[more] Wireless Protocols Learning Guide Ensuring wireless security can still be a big hold-up to the actual deployment or the continued use of a wireless network in the enterprise. This section of the Wireless Protocols Learning Guide covers monitoring and security policies for a wireless network in addition to a discussion of available tools and configurations that enhance wireless security. WLAN technology deployments have increased, and federal regulations (such as HIPAA, Sarbanes Oxley and Gramm-L......
[more] Cafe Latte attack steals data from Wi-Fi users If you use a secure wireless network, hackers may be able to steal data from your computer in the time it takes to have a cup of coffee. At the Toorcon hacking conference in San Diego this coming weekend, security researcher Vivek Ramachandran, will demonstrate a technique he's developed to attack laptops that use the WEP (Wired Equivalent Privacy) encryption system to log on to secure wireless networks. Developed in the late 1990s, WEP was the def......
[more] WEP destroyed by new client hack It was cracked long ago, but still hacks for the discredited WEP wireless security protocol keep coming.The latest one to be uncovered is the work of AirTight Networks' researchers Vivek Ramachandran and MD Sohail Ahmad, and was demonstrated at last weekend's Toorcon9 conference. Aided by flaws in the Windows Wi-Fi stack, the new attack involves coaxing an isolated Windows laptop into sending back ARP packets in response to a barrage of the same from the attacki......
[more] Retail Wi-Fi Wide Open to Hackers, Study Finds A study has discovered that while retailers are physically securing their businesses to prevent theft, they are not taking the same precautions with their wireless security. The "2007 Retail Shopping Wireless Security Survey" conducted by AirDefense, tested the wireless "perimeters" of 3,000 shops across the United States and parts of Europe. It discovered that of 2,500 wireless devices such as laptops, hand-helds, and barcode sc......
[more] Wi-Fi virus outbreak is possible, researchers say If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University. The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day. "The issue is that......
[more] UK's most popular Wi-Fi router defaults to insecurity From the folks at security think tank GNUCitizen comes yet another demonstration of the insecurity that's present by default in the UK's most popular home broadband router. By default, the BT Home Hub, which is manufactured by Thomson/Alcatel, uses a weak algorithm to generate keys used for locking down a Wi-Fi network. So weak, in fact, that Wired Equivalent Privacy (WEP) keys can be predicted in just 80 guesses on average. GNU has written a......
[more] Are You Ready for the All Wireless Workplace? With 802.11n offering performance and security on par with cabled Ethernet, why wouldn’t you embrace wireless? This, anyway, is the vision of WLAN equipment vendors. The most telling slogan is Motorola’s: “Wireless by default, wired by exception.” The truth, though, is this all-wireless vision takes some parsing. All-wireless is coming—if you’re talking about the end-user perspective. No one is proposing wireless data centers. Ethernet t......
[more] WiFi is no longer a viable secure connection Global Secure Systems has said that a Russian's firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data. David Hobson, managing director of GSS, claimed that companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with......
[more] London consumers trounce corporates in wireless security London homeowners are more careful about defending their wireless networks against trespassers than their corporate counterparts. One in five business networks fail to use any form of wireless encryption while 90 per cent of Londoners use encryption of some kind at home. RSA's seventh annual wireless security survey also found the wireless penetration at home was far more advanced than in either New York City or Paris, with 55 per cent of......
[more] Once thought safe, WPA Wi-Fi encryption is cracked Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could a......
[more] Plan to extend police-hacking powers gathers pace The UK government has agreed to work with the European Parliament on plans to extend police powers to conduct remote searches of computers. The European Union Council of Ministers approved a plan in November 2008 to grant law-enforcement authorities in member states the power to perform remote searches of suspects' computers, as well as to perform 'cyber patrols' of the internet and increase data sharing between European police forces. The plan,......
[more] Russians start selling Wi-Fi encryption cracker The Russian security company that caused a stir some months by talking up its cracking tool for recovering Wi-Fi encryption keys, has started selling its software to all-comers in a specially packaged product. Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that b......
[more] Elcomsoft software means WiFi users should step up security Global Secure Systems has said that the release of a WiFi password auditing utility by Russia's Elcomsoft should act as a wake-up call on the dangers of wireless insecurities to all IT managers. David Hobson, managing director of GSS, claimed that the release of the Wireless Security Auditor by Elcomsoft moves the wireless security ballgame on by several stages as it highlights the fact that WiFi users need to be using more complex alph......
[more] Enterprises still neglecting WLAN security Most European enterprises are neglecting their wireless LAN security, with an alarming number using only the most basic security protection for their wireless networks. So discovered a Motorola survey carried out by Vanson Bourne, which found that over half (65 percent) of large European companies use the same security measures for both wired and wireless networks, when in reality, they need different handling. The survey questioned 400 IT directors at......
[more] Financial districts a wireless hacker's paradise The majority of wireless access points located in seven metropolitan financial centers have easy-to-break or nonexistent security, according to a survey conducted by security firm AirTight Networks and published on Wednesday. The survey, which summarized more than 30 scans in six U.S. cities and London, found that 57 percent of the access points had no security or used Wired Equivalent Privacy (WEP), an older and easy-to-hack form of encryption.......
[more] China to propose WLAN security standard for global use again China will submit its wireless LAN security protocol to the International Organization for Standardization (ISO) for consideration as a global standard, years after its rejection by the standards body incensed Chinese backers. China will handle "follow-up application arrangements" after a resolution by the international group encouraging it to submit the protocol, Huang Zhenhai, secretary general of the semi-official C......
[more] PCI clarifies procedures to secure Wi-Fi The group charged with administering the Payment Card Industry Data Security Standard (PCI DSS) has begun issuing guidance documents that merchants can use to help them better understand and adhere to payment security standards. On Thursday, the PCI Security Standards Council published its first installment: a 33-page paper for clarifying how retailers should secure their wireless internet environment. “The guidelines are not there to add any new c......
[more] How to Prevent a Heartland-Style Data Breach The United States Department of Justice announced today the arrest of Albert Gonzalez, a 28-year old Miami man, in the largest identity theft prosecution on record. Gonzalez is accused, along with two as-yet-unnamed Russian co-conspirators, of compromising more than 130 million credit and debit card accounts from a variety of targets including Heartland Payment Systems and 7-Eleven. While the Department of Justice should be commended for the successf......
[more] New attack cracks common Wi-Fi encryption in a minute Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further......
[more] New cloud-based service steals Wi-Fi passwords For $34, a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says. Launched today, the WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, which are used by some home and small-business u......
[more] Overlooked online threats There's the danger you know, and then there's the danger you don't know. Most of us are rightfully wary of downloading and running programs that have no pedigree, or of performing day-to-day operations as an administrative user. But with each passing year, new security threats march in to eclipse the old, many of them not getting their share of attention until it's too late. Threats go unappreciated for various reasons. Some seem too obscure or unlikely to be valid unt......
[more]
