Steve Saunders Goldwing Forums

Status
Not open for further replies.
1 - 3 of 3 Posts

Administrator · 02 GL1800 w/Auto Pilot · 59,305 Posts · Discussion Starter #1

Just say no to WEP

* Date: July 18th, 2007
* by Mike Mullins

Whether you’re running a home wireless network or a corporate wireless network, you need to know the truth about Wired Equivalent Privacy (WEP). When WLAN hardware first came out, WEP was the standard encryption scheme offered to secure that wireless network.

By design, WEP protects a wireless network from eavesdropping. However, it has significant and well-documented vulnerabilities.

Weak Encryption Protocol?

WEP’s major flaw is its use of static encryption keys. But the encryption standard isn’t the problem.

WEP uses RC4 (also known as ARC4 or ARCFOUR) to protect the confidentiality of the transmitted data. However, every device on the network uses one key to encrypt every transmitted packet. That means an eavesdropper using a wireless hacking tool can intercept enough WEP-encrypted packets to eventually figure out the key.

Of course, you can mitigate this vulnerability by periodically changing the WEP key; most routers allow you to store up to four keys. But if you change the key on the router, that means you also have to change the key on every device on the network. Depending on the size of your network, this can quickly become a time-consuming, never-ending task.

WEP is so insecure and/or time-consuming to add even a small level of confidentiality to your WLAN, but what can you do? Why don’t you switch to Wi-Fi Protected Access (WPA) or WPA2?

WPA

While there are several flavors of WPA available today, the easiest to use and most widely supported version is WPA Personal — often called WPA Pre-Shared Key (PSK). Using this encryption is relatively easy.

To encrypt a network with WPA Personal/PSK, configure your router with a plain-text pass phrase between eight and 63 characters long. Using an encryption protocol called Temporal Key Integrity Protocol (TKIP), WPA uses that pass phrase — along with the network service set identifier (SSID) — to generate unique encryption keys for each wireless client.

Those encryption keys continuously change at the beginning of each transmitted frame. WPA cycles to a new key and broadcasts the change.

Roadblocks

Very few wireless devices sold today don’t support WPA. However, WEP is always the first option for encryption (alphabetically), and most consumers don’t know the difference between the two.

When it comes to client computers, Windows XP Service Pack 2, Windows Vista, and Mac OS X support WPA. When setting up the client, just make sure the data encryption — TKIP or Advanced Encryption Standard (AES) — matches the router’s setting. Most routers support AES, which offers a stronger encryption cipher than the one used by TKIP.

Final thoughts

Properly configured, WPA provides your WLAN great protection from roaming wireless hackers. And here’s one last suggestion: Change the default SSID. Most routers default the SSID to the name of the company that makes the router (e.g., Linksys).

In addition, avoid dictionary words in both the SSID and WPA. If you can use WPA2 (which uses AES), then use it. When it comes to security and encryption standards, using the latest and greatest standard is always a good thing.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.
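
An added example, not part of the imported article or any poster's code: how WPA/WPA2-Personal turns the pass phrase and SSID into its 256-bit master key (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), plus a small audit of the article's advice on default SSIDs and dictionary words. The word lists and the helper names `wpa_pmk` and `audit` are constructed for illustration.

```python
import hashlib

# Constructed sample lists (assumptions, not from the article, apart from
# "linksys"): stand-ins for a real default-SSID list and dictionary file.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}
COMMON_WORDS = {"password", "motorcycle", "goldwing", "wireless"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-Personal pairwise master key (PMK).

    PMK = PBKDF2-HMAC-SHA1(pass phrase, salt=SSID, 4096 iterations, 32 bytes).
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass phrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32
    )


def audit(passphrase: str, ssid: str) -> list:
    """Return findings for the checks the article recommends."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("pass phrase length is outside 8 to 63 characters")
    if passphrase.lower() in COMMON_WORDS:
        findings.append("pass phrase is a dictionary word")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("SSID is a vendor default")
    elif ssid.lower() in COMMON_WORDS:
        findings.append("SSID is a dictionary word")
    return findings


if __name__ == "__main__":
    # Same pass phrase, two SSIDs: the salt changes, so the key changes.
    for ssid in ("linksys", "garage-7f3a"):
        print(ssid, wpa_pmk("c9!Tq-river-42-lamp", ssid).hex())
    print(audit("password", "linksys"))
    print(audit("c9!Tq-river-42-lamp", "garage-7f3a"))
```

Because the SSID is the salt, every network that keeps a vendor-default SSID derives the same master key from a given pass phrase, which is what the article's advice to rename the SSID addresses.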
 

Monkey with a Football · 19,237 Posts

A business has different issues of security than a residence.

In my residential system, I simply leave the wireless off until I need it. Then off again.
The less you advertise your presence, the less time you have to be randomly picked up.

I can hack any wireless system given enough time to pick up transmission traffic. I can spoof any IP address or any MAC address and "become" a trusted user from a mile away.

Wireless security must be pro-active and changing constantly to be reasonably secure.

I do not even try to play that game at home because my security is within the network itself, not its transmission or connectivity media.

This does several things for me. One is that I know when I'm "on the air" and conscious of the traffic I am broadcasting, information-wise. No bank connections at that time, no cleartext logins at that time. Also I get to see and record who is trying to access my system so I can get the feel of the expertise and nature of the neighborhood and how it changes over time. Without that it is like wondering what the weather is like outside while living in a house with no windows or doors. Finally, I don't have to worry about any valid connections having trouble getting connected.
There is no DHCP or DNS in my residential network.

Business wireless is a whole other ball game.
 

Premium Member · 163 Posts

WPA and WPA2 are indeed a much safer encryption than WEP. I have a program that can actually find the WEP key of a wireless connection not belonging to me, so you would be wise to change or update your wireless connection.
 