Moderator
Posts: 241
Registered: ‎09-12-2007

WEP/TKIP being removed from Wi-Fi certified products

I am not sure how widely publicized this is yet, but wanted to make everyone aware and provide a space for discussion.

The Wi-Fi Alliance recently announced its security roadmap which, to summarize, will force member companies to remove TKIP and WEP from Wi-Fi certified products. Aruba will need to comply with these timelines in order to be eligible for future Wi-Fi certification. Here is the timeline:

January 2011: WPA-TKIP as a standalone opmode must be removed. Mixed-mode WPA-AES/TKIP and WPA2-AES/TKIP is still permitted and in fact is required. This applies to APs/controllers.

January 2012: WPA-TKIP as a standalone opmode must be removed from clients.

January 2013: WEP must be removed from APs/controllers

January 2014: WEP must be removed from clients, and WPA Mixed Mode must also be removed. This means no more TKIP period after January 2014.

As most people are aware, TKIP has already been cracked (not catastrophically like WEP, but still cracked) and this is an effort by the Wi-Fi Alliance to get people to stop using security schemes that are known to be broken. Hopefully they have provided sufficient lead time for end users to plan migrations.
---
Jon Green, ACMX, CISSP
Security Guy
Contributor I
Posts: 22
Registered: ‎04-09-2007

Re: WEP/TKIP being removed from Wi-Fi certified products

Our biggest challenge on this front will be our barcode scanner and machine bridge vendors. If we had barcode scanners at every facility that supported something stronger, we would already have all of these technologies removed. For standard user access, we are not using any of these anymore. For device-based/firewall controlled access, we are still forced to at many locations because the scanners in use can't support anything stronger.
Moderator
Posts: 241
Registered: ‎09-12-2007

Re: WEP/TKIP being removed from Wi-Fi certified products

The Wi-Fi Alliance has backed off on this security roadmap and is no longer requiring any changes. Thus, we will not be removing TKIP as a standalone operation mode at this point.

Remember that TKIP *is* specifically prohibited in 802.11n HT (high throughput) mode. If you want 300Mbps with 802.11n, you need to be running it open or with AES - TKIP and WEP are not allowed.
---
Jon Green, ACMX, CISSP
Security Guy
New Contributor
Posts: 1
Registered: ‎02-14-2011

Re: WEP/TKIP being removed from Wi-Fi certified products

What's the latest on the deadlines for WEP and TKIP elimination?

New Contributor
Posts: 1
Registered: ‎03-20-2013

Re: WEP/TKIP being removed from Wi-Fi certified products

Hey, I am considering integrating a barcode scanning feature into our facility. So would you please be more specific about ‘Our biggest challenge on this front will be our barcode scanner and machine bridge vendors.’

MVP
Posts: 702
Registered: ‎12-01-2010

Re: WEP/TKIP being removed from Wi-Fi certified products

We're completing the inventory of our barcode scanners and scale-bridges.

Over 80% of them claim to support WPA2, but about half of them don't actually support it.

We're working with the vendors to get updated drivers and begin upgrading devices to see how many we'll have to keep supporting WPA/TKIP with.

100% don't need WEP, so we're good on that part of the front.

Now if only we didn't have so many still on 802.11b...

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it