To protect an 802.11b network from unauthorized use and snooping, you can enable packet encryption via WEP. Different cards have different levels of support for WEP. WEP works by using an RC4 encryption scheme (refer to encryption for details on RC4) with a key that can be 40, 64 or 128 bits in length. (New models released in the 2nd half of 2002 now offer 256-bit encryption.) The design in 802.11 for RC4 uses a shared key. The access point sends a random number at the registration request. The receiving node signs that number with a secret key that was pre-shared. The access point checks the result and allows the node to sign on. Data between the devices is then encrypted with a key of one of the lengths listed.
The method described is known as one-way authentication. Stated another way, the access point knows the node belongs to some group of computers that has the pre-shared key, but it cannot identify a specific computer.
Given this, it is possible for a rogue computer to pretend it is an access point.
When enabling WEP (Wired Equivalent Privacy) on a network, the encryption key must be the same among all the devices, including the wireless base station providing network connectivity.
Another difficulty with WEP is that it is possible to break this WEP encryption and gain access to the network.
The less than stellar news in the design of 802.11b and WEP is that the use of RC4 includes, as part of the logic, a number known as an initialization vector, or IV, that is not encrypted. Too many product offerings start the IV at 1, then use 2 for the next IV, followed by 3, and so on. So, scoop up about 5 million packets of data and you can figure out the WEP pattern. In a large wireless network with heavy usage, the combination of keys is used within hours, as proven by research at the University of Maryland [241] and the Berkeley campus of the University of California [242]. A single intruder sending an email to a valid email address on the wireless network further reduces security, since the intruder knows what the unencrypted message contained, narrowing the search pattern. An intruder who doesn't want to work hard can simply take the lazy approach and use a program such as Airsnort [243], wepcrack [244] or airtraf [245]. The moral of the story is to change keys often.
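The IV weakness described above, shown in Python as an added example that is not part of the original guide. It keys RC4 the way WEP does (the cleartext 3-byte IV followed by the shared secret) and flags repeated IVs; the secret, payloads and function names are constructed for illustration, and WEP's CRC-32 integrity value is left out.

```python
# Added example: WEP-style per-packet RC4 keying and an IV-reuse audit.
# The secret, IVs and payloads are constructed sample values.
from collections import Counter

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling, then `length` bytes of output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: int, secret: bytes, payload: bytes):
    """Return (cleartext 3-byte IV, ciphertext); RC4 is keyed with IV + secret.
    Assumption: the IV counter is stored big-endian."""
    iv_bytes = iv.to_bytes(3, "big")
    return iv_bytes, xor(payload, rc4_keystream(iv_bytes + secret, len(payload)))

def reused_ivs(frames):
    """Audit helper: IVs that appear on more than one captured frame."""
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)

def demo():
    secret = bytes.fromhex("0102030405")  # constructed 40-bit shared key
    msg_a, msg_b = b"GET /index.html ", b"user=alice&pin=1"  # equal length
    # Two cards share the secret and both restart their IV counter at 1.
    frame_a = wep_encrypt(1, secret, msg_a)
    frame_b = wep_encrypt(1, secret, msg_b)
    frame_c = wep_encrypt(2, secret, msg_b)
    # Same IV + same secret = same keystream, so it cancels out of c_a XOR c_b.
    leaks = xor(frame_a[1], frame_b[1]) == xor(msg_a, msg_b)
    # If msg_a is known (the e-mail case above), msg_b is exposed as well.
    exposed = xor(xor(frame_a[1], frame_b[1]), msg_a)
    return reused_ivs([frame_a, frame_b, frame_c]), leaks, exposed

if __name__ == "__main__":
    print(demo())
```

Changing the shared key resets which keystream each IV maps to, which is why the advice to change keys often follows from this behaviour.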
Although theoretically Wired Equivalent Privacy is supposed to be as secure as an actual wired network, the reality is that that isn't the case. As you can see, the challenge with WEP is that, for a variety of reasons, it cannot withstand the attention of compromising attacks. Because of this, if you are deploying a wireless network, you should strongly consider using hardware that allows you to control access to the wireless LAN based on MAC address, or consider a tunneling protocol between wireless devices and access points.
Still, keep in mind that in most situations, WEP is better than no WEP. It will stop some potential attackers, and probably slow down others. Even if you assume that your WEP protection will be subverted, the fact that you attempted to employ that protection is one way to demonstrate that you were not negligently making your wireless network available to the world with no protection whatsoever.
241. William A. Arbaugh, University of Maryland. http://www.cs.umd.edu/~waa/attack/v3dcmnt.htm
242. Nikita Borisov, Ian Goldberg, and David Wagner. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.