Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Holes in Wireless Nets

    By
    eWEEK EDITORS
    -
    February 26, 2001
    Share
    Facebook
    Twitter
    Linkedin

      That the latest security land mine facing it managers has been found among existing wireless networks shouldnt come as a surprise. After all, the Wired Equivalent Privacy algorithm, part of the 802.11 wireless LAN standard, was not designed as a strong security measure by todays standards.

      Nevertheless, we wonder why finding the holes took so long. What alarms us about the security flaws found recently by researchers from the University of California and Zero Knowledge Systems are the procedures—or more accurately, the lack thereof—that went into creating the algorithm and adopting it as a standard. An examination of that process reveals that whats wrong with WEP is exactly whats wrong with the way technology vendors design security products.

      The four types of attacks detailed at www.isaac.cs.berkeley.edu/isaac/wep-faq.html show clearly that WEP could have been made better than it was. And its all but certain that it would have been made better if it had gone through a stricter public review. In fact, there was no public review of WEP at all before it became a standard; it became a de facto standard of the vendors, such as Cisco, that put it together.

      This cobbled-together approach left open several security holes, such as the use of key management techniques that rely on shared cryptographic keys between all wireless access points, as opposed to the use of multiple keys, which would ensure more robust security.

      The international standards body processes may be slow, but they produce more efficient standards than those formed by rushing something out merely to build market share on the momentum of a vendor-driven technology.

      Work is being done on a follow-on algorithm that can replace the existing WEP algorithm, but again, much of that work is coming from vendors trying to control the process rather than letting the best solution emerge.

      As David Wagner, one of the UC Berkeley computer scientists who reported on the WEP flaws, said: “Our wireless networks are absolutely more vulnerable than our wired ones are. Maybe 10 or 20 years from now, security will be at the forefront of the process when people design wireless networks, but for now youll continue to see these problems.”

      None of us can wait 10 to 20 years for the security mind-set to become part of development. Security has to be infused in that process, not an afterthought. A culture of security must guide the development of all the e-business elements —applications, protocols, algorithms and operating systems—that must work together or not work at all.

      eWEEK EDITORS
      eWeek editors publish top thought leaders and leading experts in emerging technology across a wide variety of Enterprise B2B sectors. Our focus is providing actionable information for today’s technology decision makers.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×