Security WPA2 and WSP IE for Windows XP SP2
Security WPA2 and WSP IE for Windows XP SP2
1. In Focus: WPA2 and WSP IE for Windows XP SP2
If you use wireless networking in your environment, you'll be
interested to learn that Microsoft has released an update to improve
wireless network security for users of Windows XP with Service Pack 2
(SP2). The update enhances the XP wireless client software with support
for Wi-Fi Protected Access 2 (WPA2), which according to the Wi-Fi
Alliance "is based on the final IEEE 802.11i amendment to the 802.11
standard and is eligible for FIPS 140-2 compliance."
WPA2 offers much stronger security than Wireless Equivalent Privacy
(WEP) or Wi-Fi Protected Access (WPA). WEP has long been known to be
vulnerable. I've read at least one account in which a WEP connection
was cracked in only a few minutes. The successor to WEP, WPA, isn't as
easy to crack as WPA, and the new WPA2 standard offers even better
security. The Wi-Fi Alliance said the primary difference between WPA
and WPA2 is that WPA2 uses the Advanced Encryption Standard (AES) to
encrypt network traffic and WPA uses the Rivest Cipher 4 (RC-4)
algorithm.
WPA2 Personal supports preshared keys, and WPA2 Enterprise uses 802.1x
authentication with the Extensible Authentication Protocol (EAP). Like
WPA, WPA2 facilitates roaming access between wireless Access Points
(APs). Several manufacturers already make WPA2-certified APs and
wireless NICs, and many provide WPA2 hardware and drivers that work
with several versions of Windows. For example, Broadcom, Cisco Systems,
Devicescape Software (formerly Instant802 Networks), Intel, and Realtek
Semiconductor all make WPA2-enabled products that can be used on almost
any Windows platform. Other vendors make products based on Atheros
Communications chipsets, which are also WPA2-certified.
Wireless Provisioning Services Information Element (WPS IE) is also
included in the update. Some wireless ISPs are moving from unsecured to
secured networks by implementing 802.1x. As the transitions take place,
ISPs can configure their APs to broadcast one Service Set Identifier
(SSID) for the unsecured network and another SSID for the secure
network. The SSIDs for the secured networks aren't visible on systems
that don't support WPS IE because of the way some APs broadcast Beacon
and Probe Request frames. WPS IE helps computers recognize both types
of wireless AP SSIDs.
You can learn more about the new update at the link above. You can also
learn more about creating secure wireless hotspots in the MSDN Library
article "Securing Public Wi-Fi Hotspots" at
Microsoft TechNet also has a new Cable Guy column, "Wi-Fi Protected
Access 2 (WPA2) Overview." The column explains WPA2 in a fair amount of
detail, including key caching, fast roaming, pre-authentication, and
more.
In addition, Microsoft maintains links to numerous other wireless-
related articles on its Windows Server 2003 Wi-Fi Web site.
A new white paper, "Deploying Wi-Fi Protected Access (WPA) and WPA2 in
the Enterprise," is available in PDF format at The Wi-Fi Alliance's Web
site (first URL below). A 60-minute presentation, "Wi-Fi Protected
Access: Locking Down the Link," by Michael Disabato of the Burton
Group, reviews WEP, WPA, WPA2, implementation, and more and is also
available at the Wi-Fi Alliance Web site (second URL below).
In the Web chat "Reality Check: What to Expect with Windows Server 2003
Service Pack 1," Michael Otey will answer your questions about Windows
Firewall, Data Execution Prevention (DEP), boot-time protection, the
Security Configuration Wizard (SCW), and much more. Thursday, May 12,
12:00 noon Eastern (9:00 A.M. Pacific).
2. Security News and Features
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
SANS Reports Most Dangerous Vulnerabilities for Q1 2005
SANS released a list of what it considers the most dangerous
vulnerabilities discovered in first quarter 2005. Affected products
include multiple Microsoft products; Computer Associates' License
software; multiple Oracle servers; media players Nullsoft Winamp, Apple
Computer's iTunes Music Store, and RealNetworks' RealPlayer (and
Microsoft Windows Media Player); antivirus products from Symantec,
Trend Micro, and McAfee; and DNS services in Symantec security products
(and Windows OSs).
Sobering Worm Inundates Inboxes
The latest incarnation of the Sober worm is inundating inboxes in
some countries with an enticement to win tickets to the World Cup
soccer tournament in Germany. The email message that carries the worm
(known as Sober.N, Sober.O, Sober.P, Sober.S, or Sober.V, depending on
which antivirus vendor database you check) could also have a different
message subject and content.
Resources and Events
Improve the Availability of Your Exchange Servers
Managing storage growth, providing application resiliency, and
handling small errors and problems before they grow are all important
aspects of boosting your Exchange uptime. In this free Web seminar,
discover how storage and application management techniques for Exchange
can be used to improve the resiliency and performance of your Exchange
infrastructure. Register now!
Updating Software on Windows Desktops and Servers: WSUS and Beyond
In this free Web seminar, join industry expert Dan Holme as he
explores options for implementing and managing WSUS and other automated
solutions in your organization. You'll learn how WSUS makes it easy to
keep Windows systems and Microsoft applications up-to-date with
patches, security rollups, drivers, and updates. Plus, you'll discover
alternatives to manage the deployment and patching of non-Microsoft
software.
Establish a Manageable Desktop Software Configuration and Control IT
Costs
Managing desktop software configurations is a manual process,
resulting in unplanned costs, deployment delays, and client confusion.
In this free Web seminar, find out how you can meet software-package-
preparation requirements and increase your desktop reliability, user
satisfaction, and IT cost effectiveness. You'll learn about the new
application process, issue management during package preparation,
historical recording and reporting, and more.
Take the Hack IIS 6.0 challenge now!
Follow along as industry guru Roger Grimes puts IIS 6.0 to the test.
The first hacker to succeed will win an Xbox.
Get Ready for SQL Server 2005 Roadshow in a U.S. City Near You--and in
Europe
Get the facts about migrating to SQL Server 2005. SQL Server experts
will present real-world information about administration, development,
and business intelligence to help you implement a best-practices
migration to SQL Server 2005 and improve your database computing
environment. Attend and receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine. Register now!
For a U.S. city
For Europe
Featured White Paper
Phishing, Viruses, Bot-Nets and More: How to Prevent the "Perfect
Storm" from Devastating Your Email System
Unfortunately, fragmented appliance-based and software-based
antispam solutions operating inside the email gateway can't prevent a
potentially devastating impact on your email system and users. In this
free white paper, learn how you can protect your email boundary and
stop attacks with a multilayered approach that effectively prevents the
perfect storm from ever reaching your email gateway. Download your copy
now!
Hot Release
Best Practices for Establishing and Enforcing a Security Policy in Your
Business
With all the viruses, Trojans, spyware, malware, and malicious
attacks out there, is your company as prepared as it can be to fend off
these threats? This white paper will provide you with detailed
information for establishing and enforcing a security policy so that
you have a safety net to fall back on and can ensure that you're making
the right decisions at a demanding time. Specifically, you'll go
through the process of creating a security policy and creating an
incident response plan to prepare your organization for the worst-case
scenario.
3. Security Toolkit
Security Matters Blog: 20 Security Fixes for Mac OS X
Got Mac? If you do, check Apple Computing's download site to see if
you need to install the latest security update. The company released
Security Update 2005-005 for Mac OS X 10.3.9 (client and server
editions), which contains 20 security fixes.
Security Forum Featured Thread: Guest User Password Required
A forum participant writes that he has a Windows 2000-based mixed-
mode domain. He wants to know if there's a way to use Group Policy to
force a password to be required for the Guest user account at the
domain level. If not, how can he set the local policies on each system
without having to physically visit each computer?
at
Announcements
SQL Server Magazine Gives DBAs and Developers What They Need
With SQL Server 2005 right around the corner, it's important to note
that SQL Server Magazine is on target to deliver comprehensive coverage
of all betas of the new product and the final release. If you aren't
already a subscriber, now is the time to subscribe. Act now and save
47% off the cover price, plus get the new Reporting Services poster.
Nominate Yourself or a Friend for the MCP Hall of Fame
Are you a top-notch MCP who deserves to be a part of the first-ever
MCP Hall of Fame? Get the fame you deserve by nominating yourself or a
peer to become a part of this influential community of certified
professionals. You could win a VIP trip to Microsoft and other valuable
prizes.
4. New and Improved
Server Monitoring Service
TAB Computer Systems today announced the availability of PatrolDog
2.0, a monitoring and support service for small businesses' file
servers. PatrolDog monitors (over the Internet) critical server items
such as Windows event logs, daily backups, disk space usage, power
issues, hardware failures, and virus and security issues. TAB is
currently offering a trial of PatrolDog, in which it will gather and
analyze your server information and then email you a server status
report. Pricing is per month: $60 for the first server, $40 for the
second server, and $20 for each additional server.
