RE: Enhanced Linksys wireless security

["Nunez, Yonesy F." <nunezy () conedsolutions com>]

AES provides stronger encryption (Rijndael Algorithm).  TKIP uses still uses
RC4 (used in WEP).  I'm currently using WPA-TKIP, but I'm planning to use
AES-CCMP with eap-tls when it becomes available (I think the linksys can do
that now, but I don't have my Certification Authority ready to start using
wireless certificates).  Is 802.11i ever going to be ratified?  Best of
luck!

--
Yonesy F. Nunez, CISSP, MCSE, Security+
Technology Services
ConEdisonSolutions
Office: 914.286.7712
NunezY () ConEdSolutions com
Failed to Plan ? ... Then Plan to Fail !!!
((c) Y2K1 JT) 



-----Original Message-----
From: Ricardo Oliva [mailto:ricardo () zoology ubc ca] 
Sent: Thursday, June 24, 2004 12:34 AM
To: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA
Cc: security-basics () securityfocus com
Subject: Re: Enhanced Linksys wireless security

HI Gideon,

This is nothing new. I have been using my WRT54G with WAP-TKIP for at  
least six months now (November 2003). But that is because I am using  
Panther (Os X 10.3.4). I guess the confusion comes from the fact that  
Microsoft only released the Wireless roll-out that included WPA support  
for XP around November, 2003. For some reason, they decided to do it  
very quietly and didn;t even list it as a Critical Update. But Linksys  
had done a good job offereing WPA on it's router.

Now, since you brought the topic up, on the Linksys settings, you can  
either TKIP or AES for keys under WPA. Does anyone has info on which  
one is the most secure? I had to stick with TKIP since for some reason  
I could not get my wireless software to like the AES key.

Does anyone have any input on that?

Please advise.

Cheers
--
Ricardo Oliva
Core Systems Administrator
Zoology Department
University of British Columbia


On Jun 22, 2004, at 16:10, Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA  
wrote:

> Linksys has updated the firmware for the Linksys G router (WRT54G) to  
> include AES and TKIP encryption. I am using TKIP because it changes  
> encryption keys at a configurable period. Locking down access by MAC  
> address provides additional security.
>
> I found this a pleasant surprise because I bought my router over a  
> year ago. Other Linksys hardware may have been updated to include  
> similar functionality.
>
> Kind regards,
>
> Gideon
>
> Gideon T. Rasmussen
> CISSP, CISM, CFSO, SCSA
> Boca Raton, FL
> gideon () infostruct net
>
> National Security Awareness Day - September 10, 2004 - Are you aware?
>
> http://www.linksys.com/download
> ftp://ftp.linksys.com/pdf/wrt54gv1.1_ug.pdf
>
>
>
> ----------------------------------------------------------------------- 
> ----
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545  
> off any course! All of our class sizes are guaranteed to be 10  
> students or less to facilitate one-on-one interaction with one of our  
> expert instructors. Attend a course taught by an expert instructor  
> with years of in-the-field pen testing experience in our state of the  
> art hacking lab. Master the skills of an Ethical Hacker to better  
> assess the security of your organization. Visit us at:  
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------- 
> -----

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------