Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

WEP/TKIP being removed from Wi-Fi certified products

This thread has been viewed 1 times

  • 1.  WEP/TKIP being removed from Wi-Fi certified products

    EMPLOYEE
    Posted May 31, 2010 12:29 PM
    I am not sure how widely publicized this is yet, but wanted to make everyone aware and provide a space for discussion.

    The Wi-Fi Alliance recently announced its security roadmap which, to summarize, will force member companies to remove TKIP and WEP from Wi-Fi certified products. Aruba will need to comply with these timelines in order to be eligible for future Wi-Fi certificaiton. Here is the timeline:

    January 2011: WPA-TKIP as a standalone opmode must be removed. Mixed-mode WPA-AES/TKIP and WPA2-AES/TKIP is still permitted and in fact is required. This applies to APs/controllers.

    January 2012: WPA-TKIP as a standalone opmode must be removed from clients.

    January 2013: WEP must be removed from APs/controllers

    January 2014: WEP must be removed from clients, and WPA Mixed Mode must also be removed. This means no more TKIP period after January 2014.

    As most people are aware, TKIP has already been cracked (not catastrophically like WEP, but still cracked) and this is an effort by the Wi-Fi Alliance to get people to stop using security schemes that are known to be broken. Hopefully they have provided sufficient lead time for end users to plan migrations.


  • 2.  RE: WEP/TKIP being removed from Wi-Fi certified products

    Posted May 31, 2010 09:24 PM
    Our biggest challenge on this front will be our barcode scanner and machine bridge vendors. If we had barcode scanners at every facility that supported something stronger, we would already have all of these technologies removed. For standard user access, we are not using any of these anymore. For device-based/firewall controlled access, we are still forced to at many locations because the scanners in use can't support anything stronger.


  • 3.  RE: WEP/TKIP being removed from Wi-Fi certified products

    Posted Mar 20, 2013 10:37 PM

    Hey, I am considering integrate barcode scanning feature into our facility. So would you please be more specific on ‘Our biggest challenge on this front will be our barcode scanner and machine bridge vendors.’



  • 4.  RE: WEP/TKIP being removed from Wi-Fi certified products

    Posted Mar 27, 2013 05:34 PM

    We're completing the inventory of our barcode scanners and scale-bridges.

     

    Over 80% of them claim to support WPA2, but about half of them don't actually support it.

    We're working with the vendors to get updated drivers and begin upgrading devices to see how many we'll have to keep supporting WPA/TKIP with.

     

    100% don't need WEP, so we're good on that part of the front.

     

    Now if only we didn't have so many still on 802.11b...

     

     



  • 5.  RE: WEP/TKIP being removed from Wi-Fi certified products

    EMPLOYEE
    Posted Jan 26, 2011 05:08 PM
    The Wi-Fi Alliance has backed off on this security roadmap and is no longer requiring any changes. Thus, we will not be removing TKIP as a standalone operation mode at this point.

    Remember that TKIP *is* specifically prohibited in 802.11n HT (high throughput) mode. If you want 300Mbps with 802.11n, you need to be running it open or with AES - TKIP and WEP are not allowed.


  • 6.  RE: WEP/TKIP being removed from Wi-Fi certified products

    Posted Aug 01, 2012 09:55 AM

    What's the latest on the deadlines for WEP and TKIP elimination?