Cisco enhances WLAN security

As expected, Cisco Systems Inc. has beefed up security for its wireless LAN product line to help prevent hackers from hijacking a user’s identity during an authentication session.

Cisco Tuesday will start offering a free software patch that will allow users to add Protected Extensible Authentication Protocol (PEAP) protection to existing 802.11b or WiFi wireless LAN systems. PEAP helps defeat intruders by making it hard for hackers to run a “man in the middle” attack during an authentication session.

Cisco bundled the PEAP patch with an upgrade to its VPN/Security Management Solution and its Access Control Server, which provide security software, such as VPNs, to both wired and wireless networks. Microsoft Corp. included support for PEAP in its Windows XP Service Pack-1, which was released earlier this month.

Cisco is also part of an industrywide group that plans to offer users tougher encryption than the current built-in WLAN Wired Equivalent Protocol by the end of the year. The group includes Microsoft Corp., WLAN chip suppliers and hardware manufacturers.

PEAP does require the use of electronic certificates, which are exchanged by the user with a server during a log-in session. That limits the use of the new software to enterprises that use certificates, according to Craig Mathias, an analyst at FarPoint Group, in Ashland, Mass. Mathias said that “probably a small number of enterprises” use certificates to protect WLAN.

While Mathias viewed PEAP as a step in the right direction, he also cautioned that “there is no such thing as perfect security and there is a confusing landscape of security solutions.” He said enterprises need to decide the level of protection they want for various classes of data and develop a security plan that best meets those requirements.