Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Four reasons to buy (and one reason to avoid) the Droid
•	Cisco MARS shuts out new third-party security devices
•	Verizon Droid buzz muted in Boston
•	Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
•	Cloud computing, virtualization proponents getting antsy
•	Data center start-up offers energy saving software
•
•	Vendors scrambling to fix bug in Net's security
•	Judge dismisses lawsuit challenging Gartner's Magic Quadrant
•	Boston Celtics clamp down on spam
•	Cloud computing inevitable? Not so fast, educator says
•	Blue Coat slashes staff, buys S7 services company
•	Apple seeks new sheriff to lock up iPhones
•	Google releases new search engine for e-commerce sites
•	Rackspace apologizes for cloud outage, prepares to issue service credits
•	More breaking news

Wireless/Mobile /

WEP's fatal flaw exposed

By - Steve Janss
Network World, 12/17/01

Wired Equivalent Privacy vulnerabilities came to light more than a year ago in October 2000, when Jesse Walker of Intel published "IEEE P802.11b Wireless LANs, Unsafe at any key size; an analysis of the WEP encapsulation." That was soon followed by University of California at Berkeley's "Security of the WEP algorithm" last January, and the University of Maryland's "Your 802.11 Wireless Network has No Clothes" in March 2001.

In 2001, several people wrote programs for hacking 802.11b's WEP, primarily by capitalizing on its improper use of RC4's initialization vectors. These days, any hacker or script kiddie can use one of several tools, such as WEPCrack or AirSnort, which yields WEP keys in fairly short order. For example, I cracked my 128-bit static-key WEP network in less than 18 hours. Nearly all 802.11b vendors offer 128-bit key extensions to WEP so most would implement the 128-bit version.

None of this really matters, as it's the WEP algorithm that's vulnerable. Once a hacker has the keys, it provides access to the network. The hacker can then load the keys into any wireless sniffer, such as WildPacket's Airopeek or Sniffer Technologies Sniffer Wireless, and gain full access to broadcast data. Download the tools and test your own wireless LAN - just remember it's against federal wiretapping laws to view any data on someone else's network without permission.

Back to the main review

RELATED LINKS

Janss is the president of Jansys Information Systems, a consulting firm specializing in IS technologies for small businesses. He can be reached at bizcom@jansys.com.

Wireless LAN security
The IEEE 802.11b Task Group I is working on a new standard that provides authentication and encryption for secure wireless networking. In the meantime, proprietary products that plug the holes in 802.11b security may be your best bet.

How we did it
Our testing methods ecplained.

IEEE is working on new standard
The scope of IEEE's 802.11b Task Group I is "to enhance the 802.11 Medium Access Control to enhance security and authentication mechanisms."

A closer look at LEAP
How Lightweight Extensible Authentication Protocol works.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.