If your business is PCI compliant, you hopefully are already fully aware that June 30th, 2010 is the deadline to be migrated off of WEP in any area of your network that is involved in credit card handling based on PCI definition and your own logical networking design.
While I'd generally hope that most people had moved off of WEP years ago, you still see it in some POS systems from time to time. Depending on how your network is designed and how you've setup your PCI boundaries, your entire network may have to migrate away from WEP.
I know in some areas businesses had to replace their client hardware to even support anything beyond WEP, which was probably costly in larger client installations. I suspect when people were buying that equipment in the late 90s/early 2000s and the vendors were saying how long the life span would be, they forgot that running DOS and 802.11b only would likely cut that 20 year lifespan down a bit. I guess the same reason when vendors tout a 30 year MTBF on their equipment that will be legacy within 2 years, I'm not quite as concerned about the difference between one vendor having 25 years and another having 30.. Sure, longer MTBF should result in less frequent failures as a whole, but it's still a negligible number with most respectable vendors.
If you've migrated off of WEP, hopefully you've taken the plunge straight to WPA2-CCMP, so you don't have to be concerned with WPA1-TKIP countermeasure type issues, and the per packet overhead is lower with CCMP than TKIP, at the expense of a little extra computational needs of CCMP. Not to mention the security aspect of CCMP over TKIP.
You can read the full PCI DSS 1.2 specification here.
Erik Parker is a wireless network engineer for a Fortune 500 e-commerce company based in the United States. Erik was previously a wireless engineer at Toyota and consulting network engineer for International Network Services (Now BT-INS) prior to that. He has experience with Routing, Switching, Wireless, Security, and Linux systems engineering. His primary focus is on wireless infrastructure, 802.11 protocol analysis, RF, and mobility. Erik's hobbies include arm-chair electronics using Arduino, Parallax, and nearly anything else you can hook random sensors into. Erik has maintained his CISSP designation since 2002, has spoken at multiple Gartner mobility summits, and continues to be active in the wireless community.
This blog represents the personal views of the author and does not necessarily represent the views of his employer.