
Monday, August 16, 2010

Wi-Fi Myth Busters Series – Episode 2

Figure 1

Myth #5: Even with 802.11i (WPA2), a VPN is still needed to provide enterprise-level security to a wireless network.

IPSec and SSL VPNs are well-known solutions for protecting networks linked by WAN connections, so people may choose the same to protect their wireless networks too. WPA fixed the flaws of WEP by introducing TKIP and 802.1X/EAP or WPA-PSK as secure authentication methods. Unfortunately, TKIP is based on the same cipher as WEP (RC4). When WPA2 was released, it came with CCMP (Counter Mode CBC-MAC Protocol) encryption. The cipher used in CCMP is AES, which is considered the strongest among those used in IPSec VPNs. The end result is that WPA2 provides the same strong encryption as IPSec VPNs.

Surprisingly, though, WPA-PSK and 802.1X/EAP-LEAP authentication are both vulnerable to brute-force attacks. Even though vulnerable WPA2 authentication methods do exist, there are secure methods too, such as EAP-TLS, EAP-TTLS or PEAP, which keep credentials secure by tunnelling them in a way similar to SSL. In that way it satisfies the WPA2 Enterprise standards. WPA2 Enterprise secures the wireless link at Layer 2; if a Layer 3 technology such as IPSec were added to protect it as well, the network would become less scalable and manageable.

So this myth can also be regarded as partially correct.
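Why WPA-PSK is exposed to brute force even though CCMP/AES is not, shown as an added example that is not part of the original post: the pairwise master key depends only on the passphrase and the SSID, so a pre-shared-key network is only as strong as its passphrase. The wordlist, the guess rate of one million per second and the 100-year threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Constructed sample wordlist; a real audit would load a large common-password list.
COMMON = {"password", "12345678", "letmein123", "qwertyuiop"}

def wpa_psk_pmk(passphrase, ssid):
    """PMK for WPA/WPA2-PSK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    # Nothing secret besides the passphrase enters the key; the SSID is broadcast.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def search_space_bits(passphrase):
    """Upper bound on entropy: length * log2(size of the character classes used)."""
    alphabet = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in cls for ch in passphrase):
            alphabet += len(cls)
    if any(ch not in string.ascii_letters + string.digits for ch in passphrase):
        alphabet += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(alphabet)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate; the 4096 rounds are already priced into the rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)

def audit(passphrase, guesses_per_second=1e6, min_years=100.0):
    """Return (verdict, bits). guesses_per_second is an assumed rate, not a measurement."""
    bits = search_space_bits(passphrase)
    if passphrase.lower() in COMMON:
        return "reject: common passphrase", bits
    if years_to_exhaust(bits, guesses_per_second) < min_years:
        return "reject: search space too small", bits
    return "accept", bits

if __name__ == "__main__":
    # Passphrase "password" with SSID "IEEE" is a published 802.11i test vector.
    print(wpa_psk_pmk("password", "IEEE").hex())
    for candidate in ("password", "abcdefgh1", "k7#Vq2!mZp9$Lx4&Tb8@"):
        print(candidate, audit(candidate))
```

With 802.1X methods such as EAP-TLS or PEAP the master key comes from a per-session TLS exchange instead, so there is no network-wide passphrase for this kind of audit to fail.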

References

Miller, B & Hill, G 2006, ‘Eleven Myths about 802.11 Wi-Fi Networks’, Expert Reference Series of White Papers, 18 August, pp. 4-5, Global Knowledge Training LLC., viewed 15 August 2010

‘Figure 1’ [image] in 2009, ‘The second day of the School on Low Cost Wireless’, school2009, viewed 15 Aug 2010, http://wireless.ictp.it/groups/school2009/wiki/8d8fe/Group_Two's_-_Day_Two.html

The previous episode of this series was posted on 8th Aug 2010 and can be found easily in this blog. To be continued…
