Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
669
Views
0
Helpful
3
Replies

New security features to version 11.10T AP firmware?

daveman
Level 1
Level 1

‎12-18-2001 06:53 PM - edited ‎07-04-2021 10:54 PM

So I see in the release notes of the latest AP firmware that there are 2 new security enhancements. One is the Message Integrity Checking (MIC) and the other is the WEP key hashing which is suppose to defend against attacks that use the initialization vector in encrypted packets to calculate the WEP key.

Will these new features eliminate attacks by freeware products such as Airsnort?

Does this make WEP keys essentially unbreakable? If so then does that eliminate the need for rotating keys, i.e. EAP or LEAP?

I assume these changes were brought on by the IEEE's agreement on RSA's WEP security fix...

http://www.computerworld.com/storyba/0,4125,NAV47_STO66707,00.html

Should we expect to see any other changes to WEP anytime soon?

Labels:
0 Helpful
3 Replies 3

James Strong
Level 1
Level 1

‎12-26-2001 05:26 PM

Hello,

It is my understanding that the RSA patch is a double hashed initialization vector. Although the Cisco solution is well on the way to a better solution, it is proprietary. All of your clients must be Cisco radios and they must have the latest firmware, NDIS drivers, and ACU to take advantage of this fix. The new ACU is a big step forward featurewise, and worth installing for the features.

0 Helpful

alan.holt
Level 1
Level 1

‎01-03-2002 03:11 PM

There is another security enhancement that allows the broadcast WEP key to be rotated as well. Previously the broadcast WEP key was static on the AP. I think the same key is also issued for multicast traffic. A key is not required for the client for this operation.

0 Helpful

luponec
Level 1
Level 1

‎03-06-2002 01:59 AM

replay to SECUREID trouble

I verified that at this moment it is not possible to use an OTP(One Time Password) with LEAP protocol 'couse this kind of authentication uses a One Way process while link between AP and NICs is Two-way kind: client is autenticated by AP --> and viceversa <--- .

So is not a Cisco secure bug, instead a security policy for wireless to block a "stranger" AP.

I contact RSA (secure-id manifacture) and Cisco italia, both told me they are going to develope a new protocol (PEAP) to solve the problem.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card