Cisco Systems has beefed up security for its wireless LAN product
line to help prevent hackers from hijacking a user's identity
during an authentication session.
Cisco will offer a free software patch that will allow users to add
Protected Extensible Authentication Protocol (PEAP) protection to
existing 802.11b or WiFi wireless LAN systems. PEAP helps defeat
intruders by making it hard for hackers to run a "man in the
middle" attack during an authentication session.
Cisco bundled the PEAP patch with an upgrade to its VPN/Security
Management Solution and its Access Control Server, which provide
security software, such as VPNs, to both wired and wireless
networks. Microsoft included support for PEAP in its Windows XP
Service Pack-1, which was released earlier this month.
Cisco is also part of an industry-wide group that plans to offer
users tougher encryption than the existing built-in WLAN Wired
Equivalent Protocol by the end of the year. The group includes
Microsoft, WLAN chip suppliers and hardware manufacturers.
PEAP does require the use of electronic certificates, which are
exchanged by the user with a server during a log-in session. That
limits the use of the new software to enterprises that use
certificates, according to Craig Mathias, an analyst at FarPoint
Group. Mathias said that "probably a small number of enterprises"
use certificates to protect WLANs.
While Mathias viewed PEAP as a step in the right direction, he also
cautioned that "there is no such thing as perfect security and
there is a confusing landscape of security solutions". Enterprises
need to decide the level of protection they want for various
classes of data and develop a security plan that best meets those
requirements, he added.