Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	iPhone 5 rumor rollup for the week ending Feb. 10
•	Forget Public Cloud or Private Cloud, It's All About Hyper-Hybrid
•
•	Apple passes HP as largest tech company
•	How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
•	Much of Western U.S. is a 3G wasteland, says FCC
•	How the Phoenix Suns basketball team takes on social media attacks
•	Microsoft details Windows 8 for ARM devices
•	Resume Makeover: How an Information Security Professional Can Target CSO Jobs
•	Blogger exposes major Google Wallet security flaw
•	Web app lets enterprise set security, sharing for Google Apps users
•	Cloudscaling to offer OpenStack private cloud platform
•	Macs take on the enterprise
•	Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
•	Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
•	More breaking news

/

WEP's fatal flaw exposed

By - Steve Janss
Network World, 12/17/01

Wired Equivalent Privacy vulnerabilities came to light more than a year ago in October 2000, when Jesse Walker of Intel published "IEEE P802.11b Wireless LANs, Unsafe at any key size; an analysis of the WEP encapsulation." That was soon followed by University of California at Berkeley's "Security of the WEP algorithm" last January, and the University of Maryland's "Your 802.11 Wireless Network has No Clothes" in March 2001.

In 2001, several people wrote programs for hacking 802.11b's WEP, primarily by capitalizing on its improper use of RC4's initialization vectors. These days, any hacker or script kiddie can use one of several tools, such as WEPCrack or AirSnort, which yields WEP keys in fairly short order. For example, I cracked my 128-bit static-key WEP network in less than 18 hours. Nearly all 802.11b vendors offer 128-bit key extensions to WEP so most would implement the 128-bit version.

None of this really matters, as it's the WEP algorithm that's vulnerable. Once a hacker has the keys, it provides access to the network. The hacker can then load the keys into any wireless sniffer, such as WildPacket's Airopeek or Sniffer Technologies Sniffer Wireless, and gain full access to broadcast data. Download the tools and test your own wireless LAN - just remember it's against federal wiretapping laws to view any data on someone else's network without permission.

Back to the main review

RELATED LINKS

Janss is the president of Jansys Information Systems, a consulting firm specializing in IS technologies for small businesses. He can be reached at bizcom@jansys.com.

Wireless LAN security
The IEEE 802.11b Task Group I is working on a new standard that provides authentication and encryption for secure wireless networking. In the meantime, proprietary products that plug the holes in 802.11b security may be your best bet.

How we did it
Our testing methods ecplained.

IEEE is working on new standard
The scope of IEEE's 802.11b Task Group I is "to enhance the 802.11 Medium Access Control to enhance security and authentication mechanisms."

A closer look at LEAP
How Lightweight Extensible Authentication Protocol works.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.