Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

The Angel And Devil On Cisco's Shoulders

It's my picture, but the blog today is courtesy of Dave Haskin, editor of our Mobile Pipeline site. Dave, who has been following Cisco's missteps with WLAN security, says the company needs to step up its efforts in this arena, a sentiment that users of Cisco's WLAN gear no doubt agree with. Take it away, Dave:

Cisco Systems apparently has an angel on one shoulder and a devil on the other when it comes to wireless security. The angel issued a security advisory this week about a hole in Cisco's Wireless LAN Solution Engine and offered patches to fix the problem.

The devil, however, has done nothing in the last year about an often-discussed problem with Cisco's LEAP authentication system. As a result, one frustrated networker released a tool this week that attacks the weakness, apparently hoping to prod Cisco into action.

I don't necessarily blame Cisco for the security problems. After all, absolute security is an oxymoron and all we can hope for is that vendors commit to do their best to prevent them and to fix them rapidly when they come to light.

But the LEAP issue has been discussed for a year or more. I spoke with the CIO of a large systems integrator and he said his company has long known about the problem and has deployed other security solutions. Since LEAP is proprietary, though, Cisco had a lot invested in it and, perhaps because of that, it didn't take adequate action to fix the problem. It still hasn't, other than to issue a tepid warning.

  • 1