Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

Archive for the ‘Wireless’ Category

Another vulnerability puts further pressure on WPA (snore….)

Posted by Chris on August 28, 2009

Ars Technica has posted an article about a not-so-new WPA vulnerability.

Under a perfect set of conditions, researchers have been able to falsify an encrypted short packet (an ARP packet) by deciphering the 64-bit Message Integrity Code (MIC). This allows them to effectively establish a “man-in-the-middle attack” situation. Quoting the article, “the attacks can certainly present problems, but they do not threaten the overall encryption of the wireless stream”.

So, I have to ask, why is this newsworthy?

Wi-Fi Protected Access (WPA) was never intended to be a permanent solution to the vulnerabilities in WEP.

WPA was released in 2003 before the IEEE 802.11i (WPA2) standard was ratified. WPA implements most (but not all) of the 802.11i standard. WPA doesn’t implement AES encryption, one of WPA2’s strong points and the biggest reason why WPA2 is still considered a viable, very secure solution.

Like WEP, WPA is one of those “use it only if you have to” solutions. Most, if not all, APs manufactured in the last five years support WPA2. Despite the findings published by these researchers, they are still not able to break the encryption on the WPA packet. In the worst case, the exploit might be able to cause a denial-of-service situation in a WPA implementation. Judging from the set of conditions they had to set up in the lab, even that may be unlikely.
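To find out which access points still fall into the “use it only if you have to” group, decode the security element each one advertises in its beacon and flag anything that accepts less than AES (CCMP). The Python below is an added example, not code from the original post; the function names and the three sample byte strings are constructed for illustration, and it covers both the RSN (WPA2) element and the older vendor-specific WPA element.

```python
import struct

# Suite types shared by the RSN element (WPA2; ID 48, OUI 00-0F-AC) and the
# older vendor-specific WPA element (ID 221, OUI 00-50-F2, type 1).
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
WPA_HDR = bytes.fromhex("0050f201")

def parse_security_ie(ie: bytes) -> dict:
    """Parse one RSN or WPA information element taken from a beacon."""
    if len(ie) < 2 or len(ie) != 2 + ie[1]:
        raise ValueError("length field does not match element size")
    body = ie[2:]
    if ie[0] == 48:
        proto, oui = "RSN", bytes.fromhex("000fac")
    elif ie[0] == 221 and body[:4] == WPA_HDR:
        proto, oui, body = "WPA", WPA_HDR[:3], body[4:]
    else:
        raise ValueError("not an RSN or WPA element")

    def suite(pos, names):
        raw = body[pos:pos + 4]
        if len(raw) < 4:
            raise ValueError("truncated suite selector")
        return names.get(raw[3], f"type-{raw[3]}") if raw[:3] == oui else "vendor"
    def suite_list(pos, names):
        if pos + 2 > len(body):
            raise ValueError("truncated suite count")
        (count,) = struct.unpack_from("<H", body, pos)
        return [suite(pos + 2 + 4 * i, names) for i in range(count)], pos + 2 + 4 * count
    group = suite(2, CIPHERS)              # bytes 0-1 hold the version
    pairwise, pos = suite_list(6, CIPHERS)
    akm, _ = suite_list(pos, AKMS)         # later optional fields are ignored
    return {"proto": proto, "group": group, "pairwise": pairwise, "akm": akm}

def audit(ie: bytes) -> list:
    """List every way the element allows something weaker than CCMP (AES)."""
    info = parse_security_ie(ie)
    out = ["legacy WPA element advertised"] if info["proto"] == "WPA" else []
    out += [f"pairwise {c} accepted" for c in info["pairwise"] if c != "CCMP"]
    if info["group"] != "CCMP":
        out.append(f"group cipher is {info['group']}")
    return out

# Constructed sample elements, not captured from a real network.
WPA2_CCMP = bytes.fromhex("30 14 0100 000fac04 0100 000fac04 0100 000fac02 0000")
MIXED = bytes.fromhex("30 18 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000")
WPA_TKIP = bytes.fromhex("dd 16 0050f201 0100 0050f202 0100 0050f202 0100 0050f202")

print(*(audit(ie) for ie in (WPA2_CCMP, MIXED, WPA_TKIP)), sep="\n")
```

The mixed-mode sample is the case that is easy to miss: the AP offers CCMP to capable clients, but its group cipher stays at TKIP for as long as legacy WPA clients are allowed to join.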

Posted in Security, Wireless

CCNP ONT Notes – Cisco Wireless Control System (WCS)

Posted by Chris on August 22, 2009

More notes from the CCNP ONT Exam Certification Guide.  I need help keeping all of the acronyms straight on exam day.

Cisco Wireless Control System (WCS)
Centralized WLAN solution for LWAPs.
Provides configuration, firmware, radio management, and IDS.
Supports the same monitoring and configuration management features as individual controllers.
Supports up to 50 WLCs and 1500 APs.
Administration via CLI, HTTPS and SNMP (v1-v3).
WCS uses SNMP for controller communications.
Runs on Microsoft Windows or Linux platforms.

Three versions:

WCS Base
Provides basic location services based on the association of the device with an AP
Autodiscovery of APs as they associate with controllers
Autodiscovery and containment or notification of rogue APs
Map-based display of AP coverage
Radio Resource Management (RRM)

WCS Location
All features of WCS Base plus:
Can utilize historical location data
On-demand monitoring of any single device via RF fingerprinting, accurate to within 10 meters

WCS Location + 2700 Series Wireless Location Appliance
Scales features to support up to 1500 devices
Records historical data for capacity management and trending

Posted in CCNP, Cisco, ONT, Wireless

EAP Authentication Protocols

Posted by Chris on August 16, 2009

It looks like there could be a hefty dose of wireless on the CCNP ONT exam. In preparation for that I’ve spent the afternoon deep-diving into EAP authentication.

Cisco LEAP
We all know about the issues with WEP. In response to that, Cisco introduced LEAP. It overcame some of WEP’s vulnerabilities but was still highly susceptible to dictionary attack. (The publication of a LEAP exploit at DEFCON in 2003 didn’t help…)

Cisco’s response to that was to recommend the use of strong passwords (10 characters, alpha-numeric, mix of caps and lower-case, etc.). Enforcing a strong password policy among end users is difficult at best, so LEAP really wasn’t a good answer to WEP. (Not to mention the availability of a tool to exploit its vulnerability to dictionary attack.) LEAP did have a number of benefits, however, and was fairly widely deployed.

[Figure: Wireless Security - Cisco LEAP]

EAP-FAST
In response to the vulnerabilities in LEAP, Cisco released EAP-FAST in 2004.  Defined in RFC 4851, EAP-FAST offered a secure method to set up communication by using TLS to establish an authenticated tunnel.

While this mitigated most of the risk associated with LEAP, EAP-FAST had a vulnerability involving the interception of the PAC, which in turn could be used as the launching point for a dictionary attack.

[Figure: Wireless Security - EAP-FAST]

EAP-TLS
Originally defined in RFC 2716 and updated in March of 2008 in RFC 5216, EAP-TLS is widely supported and offers excellent security. The downside of EAP-TLS is the client-side certificate requirement, making for a more labor-intensive deployment, especially on a large scale.

[Figure: Wireless Security - EAP-TLS]

PEAP
A joint proposal by Cisco, Microsoft and RSA Security, PEAP provides most of the security of EAP-TLS without the need for a client-side certificate.  If you’ve deployed PEAP, it’s likely been PEAPv0/EAP-MSCHAPv2.

PEAPv1/EAP-GTC is an alternative offering token-based authentication and is not supported in Windows.

[Figure: Wireless Security - PEAP]

EAP Authentication Protocols.pdf
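On the wire, every method above is identified by a single type byte in the EAP header (RFC 3748), so a capture of the authentication exchange shows which method a client was offered, which it refused, and which it finally used. The Python below is an added example, not part of the original notes; the function names and the two packet sequences are constructed for illustration, with method payloads shortened to one byte.

```python
import struct

# Type numbers from the IANA EAP registry (17 is "EAP-Cisco Wireless", i.e. LEAP).
METHODS = {6: "GTC", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP",
           26: "EAP-MSCHAPv2", 43: "EAP-FAST"}
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
NAK = 3   # types 1-3 (Identity, Notification, Nak) are not authentication methods

def parse_eap(pkt: bytes) -> dict:
    """Decode the RFC 3748 header: code, identifier, length, then type."""
    if len(pkt) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack_from("!BBH", pkt)
    if code not in CODES or not 4 <= length <= len(pkt):
        raise ValueError("bad code or length field")
    out = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):                  # only Request/Response carry a type
        if length < 5:
            raise ValueError("Request/Response without a type byte")
        out["type"], out["data"] = pkt[4], pkt[5:length]
    return out

def summarize(packets) -> dict:
    """Follow one exchange: methods offered, refused via Nak, and accepted."""
    offered, refused, accepted, result = [], [], None, None
    for p in map(parse_eap, packets):
        kind, t = p["code"], p["type"]
        if kind in ("Success", "Failure"):
            result = kind
        elif kind == "Request" and t > NAK:
            offered.append(t)
        elif kind == "Response" and t == NAK and offered:
            refused.append(offered[-1])     # peer refuses the last offer
        elif kind == "Response" and t > NAK:
            accepted = t                    # peer answered inside this method
    name = lambda t: METHODS.get(t, f"type {t}")
    return {"offered": [name(t) for t in dict.fromkeys(offered)],
            "refused": [name(t) for t in refused],
            "accepted": name(accepted) if accepted else None,
            "result": result, "leap_in_use": accepted == 17}

# Constructed exchanges: Identity round trip, method offer, answer, Success.
hx = bytes.fromhex
NAK_TO_PEAP = [hx("01010005 01"), hx("02010008 01 626f62"), hx("01020006 11 01"),
               hx("02020006 03 19"), hx("01030006 19 20"), hx("02030006 19 00"),
               hx("03030004")]
LEAP_ONLY = [hx("01010005 01"), hx("02010008 01 626f62"), hx("01020006 11 01"),
             hx("02020006 11 01"), hx("03020004")]

print(summarize(NAK_TO_PEAP), summarize(LEAP_ONLY), sep="\n")
```

In the first exchange the client answers the LEAP offer with a Nak asking for PEAP; in the second it accepts LEAP, which is the case to flag during a wireless audit.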

Posted in CCNP, ONT, Security, Wireless