Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Tokenless Access Control For Securing Wireless Networks

SecurEnvoy : 13 October, 2011  (Technical Article)
SecureEnvoy details the use of tokenless two-factor authentication as an alternative low-cost solution to the problems of securing wireless networks
Tokenless Access Control For Securing Wireless Networks
Responding to research claiming to show that whilst wireless users are now more aware of the need for security, many wireless networks are still insecure, SecurEnvoy says that easy-to-use authentication may be a low-cost solution to the problem.

According to Steve Watts, co-founder of the tokenless two-factor authentication specialist, what is interesting about the research from the Wi-Fi Alliance is that 97 per cent of respondents believed that their data on wireless devices and networks is safe and secure.

“In fact, as recent developments in the field of password recovery software from the likes of Elcomsoft has shown, even a WPA2 password is crackable. Using the professional version of Elcomsoft's Wireless Security Auditor software, for example, allows `password recovery' to take place on a computer with up to 32 CPUs and 8 GPUs to crack WiFi encryption using a brute force attack,” he said.

“Review tests of Elcomsoft's WSA software have shown the application can brute force crack as many as 103,000 WPA2 passwords per second – that's more than six million passwords a minute - on an HD5390 graphics card-equipped PC. You don't need to be a maths genius to work out the repercussions for a supposedly strong eight-character WPA2 wireless passphrase here,” he added.

Watts went on to say using longer WPA2 password on WiFi networks is now an absolute must for any company that takes its network security seriously. Other options - including two-factor authentication - should also be moved from the nice-to-have into the must-have security category, he noted.

The irony of the fact that many wireless users will be using a smartphone to access the Internet and/or company resources across a WiFi connection is also something that should not go unnoticed, he says, as users can also use their smartphone as an authentication device for the same session.

This, he explained, avoids the need to carry easily-mislaid hardware authentication devices around, whilst at the same time giving users a far higher degree of security than is available using wireless passwords and user IDs/passwords on their own.

In fact, says the SecurEnvoy co-founder, if the underlying wireless network can be compromised by hackers, then the user ID and password can be eavesdropped, along with entire communications sessions, regardless of whether it is email, general Internet surfing or corporate system plus folder interactions.

“The Wi-Fi Alliance's research confirms a lot about wireless user behaviour that security experts have known about for some time. But the fact that wireless access point users are getting sloppy with their password length – eight characters is clearly no longer sufficient – makes a clear case for easy-to-use authentication,” he said.

“And if that authentication is tokenless, that makes the logon process a lot easier for the user, meaning that even if the underlying wireless connection is not entirely secure, the use of authentication and encrypted VPN technology can make the actual data transmissions far more secure. And that's a must-have in today's company information-rich environment,” he added.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo