Light weight EAP is Cisco's proprietary version of Extensible Authentication Protocol (EAP, used mainly for wireless LANs). Cisco graciously allowed vendors to support LEAP using Cisco Certified Extenstion (CCX).
Cisco owns about 60% of the wireless market with 46% of those using Light Weight Extensible Authentication Protocol according to the research group nemertes.
HAZZAAA!! Cisco is secure…
(except against Dictionary Attacks)
With such a large piece of the wireless market using LEAP, Cisco had sucessfully advertised LEAP as a secure protocol. Unfortunately, LEAP is weak against Dictionary Attacks (Brewin).
At DEFCON 11, on August 1, 2003, Joshua Wright did a presentation on the weakness of LEAP.
Here is Cisco's response to Leap Dictionary attacks:
To help our customers respond to the possibility of dictionary attacks, Cisco strongly recommends that all of our customers to review their security policies and institute the previously published best practices that are outlined below and in the Cisco SAFE White Papers.
•
Use a strong password policy (as detailed below) and periodically expire user passwords (recommended at least every three months) giving users advanced warning to change passwords before they expire.
•If unable to implement a strong password policy, consider migrating to another EAP type like EAP-FAST, PEAP or EAP-TLS whose authentication methods are not susceptible to dictionary attacks:
–EAP-FAST is an authentication protocol that creates a secure tunnel without using certificates.
–PEAP is a hybrid authentication protocol that creates a secured TLS tunnel between the WLAN user and the RADIUS server to authenticate the user to the network.
–EAP-TLS uses pre-issued digital certificates to authenticate a user to the network.
FINAL NOTE:
“1 month of audits by l33t security companies: No vulnerabilities
1 month of architecture research by CCIE's: No vulnerabilities
2 days of hacking by DaBubble, Bishop, and Evol: Root.
There's some things that fackers should audit (WEBAPPS) for everything else, get a real hacker.” — SecurityFocus
Why doesn't Cisco become more hacker friendly. They pissed off the Security Profesionals and Hackers alike with that CiscoGate fiasco, don't have any cool hacker parties at the Defcon.. I mean what is the deal, John Chambers?!
John, I doubt you will ever read this blog, but here goes anyway, I think that Cisco has great products. I believe in Cisco's amazing engineering, but if you guys don't aggressively attack security issues PROACTIVELY, you will drop from first class to third class quickly. I'm not trying to tell you how to run cisco, I'm just saying, why not use hackers and their finding to your advantage.
Take the IE browser as an example: they used to own 95% of the market, consumners got so fed up with its lack of security that now Firefox (co-created by Blake Ross Intern/Hacker) is doing something not even Netscape could do.
Reference:
EAP. RFC 2284. Extensible Authentication Protocol.
EAP, Extensible Authentication Protocol Wiki. Wikipedia.org
George C. Ou. Leap: A looming disaster in Enterprise Wireless LANs. Lanarchitecture.net
nemertes, Cisco Warns its WLAN Security can be Cracked. nemertes.com
Brewin, Bob. Cisco Warn its WLAN Security can be Cracked. computerworld.com
Cisco, Abusing 802.11: Weaknesses in LEAP Challenge/Response. Defcon 11/2003
Cisco. Cisco Response to Dictionary Attacks on Cisco Leap.