Cisco releases WLAN security protocol

It's designed to defeat password dictionary attacks

April 13, 2004 12:00 PM ET

Computerworld - Cisco Systems Inc. announced the availability of a protocol for its wireless LAN products that's designed to defeat brute-force dictionary attacks that capture users' passwords. The company urged end users and systems administrators to download the related patch from its Web site.
Joshua Wright, a systems engineer and deputy director of training at the SANS Institute in Bethesda, Md., developed an automated dictionary-attack tool last year, while working at Johnson & Wales University in Providence, R.I., that could be used against Cisco's Lightweight Extensible Authentication Protocol, known as LEAP. Wright released the attack tool last week, according to Cisco. A dictionary attack is a method in which an attacker runs millions of passwords against a database until a match is eventually found.
Chris Bolinger, manager of wireless LAN product marketing at Cisco, said the company's new protocol defeats dictionary attacks by sending credentials through an encrypted tunnel. The patch is relatively easy to install, Bolinger said, and it updates wireless LAN client software on a notebook or laptop computer.
Cisco announced the availability of the protocol, called the Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), and made it available to the Internet Engineering Task Force in February.
Bolinger said he expects other wireless LAN vendors to incorporate EAP-FAST into their security offerings.
Wright said that while he believes EAP-FAST is a better authentication solution than Cisco's proprietary LEAP, "I am not yet convinced it is completely secure." He recommended that users migrate to the Protected Extensible Authentication Protocol, which is also available from Cisco, instead of experimenting with EAP-FAST, since PEAP is a more established protocol.
Wright said the source code and a Windows executable for his dictionary attack tool are available at http://asleap.sourceforge.net.
