- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
Rss FeedThe movement towards laptop computers has fueled an unprecedented number of data breaches. For IT and Information Security, encryption and training has proven ineffective against careless users and insider threats. This paper discusses these limitations and explains how endpoint security allows remote deletion of sensitive data, tracking of computers outside the network and the physical recovery of missing computers. Learn how you can ensure mobile data protection regardless of end-user interference.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
WEP is notoriously bad. We set out to find out just how bad.
The most egregious issue with WEP is its lack of key management. You pick an encryption key, give it to your users and then - typically - never change that key. Anyone who can recover your key can then decrypt all WEP traffic you've sent using it, compromise the privacy of your network and get a good handle on its access controls.
Based on several years of testing WEP products, we predicted the key recovery method employed by hacker tools such as WEPCrack and AirSnort (see How we did it) would be obsolete today because there are a variety of techniques that can defeat them. This round of testing proved that assumption dead wrong (see graphic, below). In addition to more than 40% of the products failing our WEP-cracking test, we found that some vendors actually have moved backward, meaning newer products might be more vulnerable to attack than older products.
Most vendors - trying to explain away the fact they are shipping code vulnerable to 3-year-old attacks - argued with us when we pointed to test results that showed their WEP implementations were cracked easily. Most justified their vulnerable WEP implementations by saying something akin to "if you were serious about security, you wouldn't be using WEP." That said, we still believe it's a bad idea to ship vulnerable products.
Although we checked with technical support regarding all products that failed our AirSnort test, only the three wireless switch vendors - Airespace, Aruba Wireless Networks and Trapeze Networks - went back to the lab and patched the holes for a retest.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
