A new WLAN security specification is gaining momentum in the marketplace, with several vendors set to announce new products that use the technology. However, experts warn that the specification, 802.1x, has unresolved problems and should not be considered a panacea for the security ills plaguing wireless LANs.
802.1x is designed as a framework on which companies can layer authentication methods such as smart cards or certificate-based systems. But security experts say it has limitations. Researchers at the University of Maryland earlier this year found two security problems in the 802.1x standard that enabled them to hijack user sessions and execute man-in-the-middle attacks. The IEEE working group responsible for the standard is in the process of fixing the problems now.
“I don’t think that .1x is the answer to all of the problems with 802.11. Clearly, the crypto needs – and has received – lots of work,” said William Arbaugh, assistant professor of computer science at the University of Maryland, in College Park.
More Here at eWEEK.