I am well aware of the many security vulnerabilities that exist on wireless networks as well as the inadequacies of WEP. I was curious if anyone has had any experiences with Cisco’s LEAP authentication protocol? I have scoured the net for reviews or documents examining any potential vulnerabilities, but have not been able to find any. Any and all help or information would be appreciated.
Thanks in advance,
Jason Hyska
Worldwide Information Security
Johnson & Johnson
jhyska1@corus.jnj.com
Thus spake "Hyska, Jason [JJCUS]" <JHyska1@CORUS.JNJ.com>
I am well aware of the many security vulnerabilities that exist
on wireless networks as well as the inadequacies of WEP.
WEP's only real failure was the failure to specify keying; vendors (and users)
with less security experience interpreted this to mean static keys were
sufficient.
The choice of RC4 was unfortunate given the above problem, but the coming switch
to AES should fix that.
I was curious if anyone has had any experiences with Cisco's
LEAP authentication protocol? I have scoured the net for
reviews or documents examining any potential vulnerabilities,
but have not been able to find any. Any and all help or
information would be appreciated.
LEAP itself is unlikely to present problems, as it's just a means to verify
802.1x credentials and force key rotation. I'd be much more wary of potential
problems in 802.1x itself, since that's the over-the-air portion.
S
Most existing wireless APs cannot keep up with 802.11b doing RC4 (which is
EXTREMELY light on the cpu) at line rate. I'm afraid to see what they
consider acceptable for AES, anything done as a firmware upgrade is going
to be quite limiting. At least for 802.11a I believe they're doing better.