
WEP is bad, but better than nothing



The Wired Equivalent Privacy encryption algorithm has a bad reputation because it's relatively easy to crack and it's difficult to deploy (see What's wrong with WEP). But sometimes it might be your only option. The iLabs team built a small wireless LAN secured by WEP, using devices that supported no other security mechanism. We can report that these devices interoperated while using WEP, even when we employed nonstandard extensions such as 128-bit encryption.

Our network was based on the popular WAP11 wireless access points from Linksys. Although it's not designed as an enterprise access point, the WAP11 has attracted many adopters because of its low price and easy setup. The devices connected to these WAP11 boxes were PDAs and wireless Ethernet phones, which typically don't work well with other wireless security strategies.

Sharp's Zaurus is a Linux-based handheld, which makes an excellent platform for deploying small, portable applications. Like all PDAs, the Zaurus has strictly limited memory and a relatively slow CPU. Adding wireless to the Zaurus wasn't as simple as plugging in a wireless card; we had to find drivers, card management tools and a recompiled kernel to add support for the card we chose. But once we figured all that out, the first real test against our Linksys WAP11 wireless access point worked.

Symbol's NetVision phone is another example of a device for which WEP fits best. NetVision is a very cool but deceptively simple device. It looks like a wireless phone without a base station that connects directly to your 802.11b infrastructure, talking H.323 protocols directly to your voice-over-IP network. You need the usual H.323 gatekeeper to run things, but no Symbol-specific or proprietary pieces. NetVision supports a proprietary high-security wireless protocol based on Kerberos that would have required Symbol access points and additional hardware on the network. We used WEP to add basic security against our Linksys access points, and had complete interoperability with devices on and off the network the first time out.

WEP is useful for devices such as printers, which might be located in remote areas yet still need to connect back to the corporate LAN. Most wireless vendors have an Ethernet-to-wireless adapter that can be used for devices such as printers or Replay TV.

One of the advantages of WEP in this type of network is that the WEP keys don't have to be widely distributed to a lot of people (see our WEP primer). Programming phones and PDAs is hard enough that you probably wouldn't ask an end user to do it. This helps to reduce some of the obvious vulnerabilities of WEP, such as people sharing the keys or writing them down and leaving them around public areas.

Although most modern wireless card firmware has been secured against the initialization vector problems exploited by tools such as AirSnort, PDAs and embedded devices, in particular, may not be as up to date as wireless cards for laptops and PCs. Thus, the advice to change WEP keys frequently still holds: it may be painful, especially in small, portable devices, but it's an important consideration in WEP-based networks.
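One way to check whether a given PDA or embedded device still has the initialization vector problem is to audit the IVs it transmits. The sketch below is an added example, not code from the iLabs team: it flags IVs in the classic Fluhrer-Mantin-Shamir weak class and IVs that repeat. It assumes the firmware fix takes the form of skipping those IVs, and the function names and sample IV streams are constructed for illustration.

```python
from collections import Counter

# Secret-key bytes: 64-bit WEP = 40-bit key + 24-bit IV; 128-bit = 104 + 24.
KEY_BYTES = {64: 5, 128: 13}


def is_fms_weak(iv: bytes, wep_bits: int = 128) -> bool:
    """True for the classic FMS weak-IV form (A+3, 0xFF, X), where A is the
    index of a secret key byte, so 0 <= A < key length."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + KEY_BYTES[wep_bits]


def audit_ivs(ivs, wep_bits: int = 128) -> dict:
    """Summarise one device's IV stream: weak IVs sent and IVs reused."""
    ivs = [bytes(iv) for iv in ivs]
    counts = Counter(ivs)
    weak = sorted({iv for iv in ivs if is_fms_weak(iv, wep_bits)})
    reused = sorted(iv for iv, n in counts.items() if n > 1)
    return {
        "frames": len(ivs),
        "weak_ivs": [iv.hex() for iv in weak],
        "reused_ivs": [iv.hex() for iv in reused],
        "filters_weak_ivs": not weak,
    }


def counter_ivs(start: int, n: int, skip_weak: bool) -> list:
    """Constructed IV source: a 24-bit counter that optionally skips weak
    IVs (the assumed form of the firmware fix)."""
    out, value = [], start
    while len(out) < n:
        iv = value.to_bytes(3, "big")
        value = (value + 1) % (1 << 24)
        if not (skip_weak and is_fms_weak(iv)):
            out.append(iv)
    return out


# Constructed samples, not traffic from the devices in the article.
# LEGACY restarts its counter once, modelled here as a power cycle.
LEGACY = counter_ivs(0x03FEFE, 6, False) + counter_ivs(0x03FEFE, 2, False)
PATCHED = counter_ivs(0x03FEFE, 6, True)

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("patched", PATCHED)):
        print(name, audit_ivs(sample))
```

A clean result rules out only this one IV class and says nothing about the rest of WEP's weaknesses, so frequent key changes remain necessary either way.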

More N+I Atlanta 2002 iLabs coverage

Related Links

What's wrong with WEP?
Wired Equivalent Privacy is the privacy protocol specified in IEEE 802.11 to provide wireless LAN users protection against casual eavesdropping. Network World, 09/09/02.

Snyder: Securing the wireless LAN
Wireless LANs are too inexpensive to ignore, but security has stymied many network managers looking to bring wireless into the corporate fold. There's a lot of information and misinformation out there about issues and approaches. Here are some simple strategies to help guide your path. Network World, 08/12/02.

Down and dirty with Wireless LAN security
The 3-year-old Wired Equivalent Privacy (WEP) protocol has been discredited so thoroughly that its authentication and encryption capabilities are not considered sufficient for use in enterprise networks. In response to the WEP fiasco, many wireless LAN vendors have latched onto IEEE 802.1x standard to help authenticate and secure both wireless and wired LANs. The wildcard with 802.1x protocol is interoperability. Network World, 05/06/02.

Wireless LAN security fix on tap from IEEE group
Network executives worried about the security of their wireless LANs may soon be able to sleep a little easier: The standards committee responsible for the broken wireless LAN encryption algorithm, Wired Equivalent Privacy, has approved a fix to the system that can be applied to existing equipment. Network World, 01/07/02.
