Re: Is Dynamic WEP Secure Enough?

From: Kelly Martin (kel_at_securityfocus.com)
Date: 03/22/05

  • Next message: Zachary Mutrux: "Re: OT:basic VPN question" 
    Date: Mon, 21 Mar 2005 16:53:24 -0700
To: Jon Smith <like2hax@hotmail.com>, security-basics@securityfocus.com

    No, WEP can be cracked in less than ten minutes (even on a network
    without much traffic - a hacker can stimulate his own traffic). Rotating
    keys just isn't enough to cover the weaknesses, unless you want to
    rotate keys every three minutes. :) Personally I think WPA is the only
    way to go, or else you might as well keep the network open and turn WEP
    off entirely.

    We published the following articles by Michael Ossmann on SecurityFocus
    recently:

    WEP: Dead Again, Part 1 http://www.securityfocus.com/infocus/1814
    WEP: Dead Again, Part 2 http://www.securityfocus.com/infocus/1824

    Regards,

    Kelly Martin

    Jon Smith wrote:

    > Hi
    > I am responsible for a large wireless infrastructure upgrade. Right
    > now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my
    > corporate SSID (I have others with much lower security requirements).
    > I cannot easily go to WPA without ditching all my current devices that
    > do not support it (good luck getting that past the CFO). We have a
    > lot of physical security and surveillance with very tight controls, my
    > primary area of concern would be people like myself sitting in the
    > parking lot. Due to one of our applications, we will be sending a
    > clear strong signal to the parking lot. Is this enough security and
    > encryption to significantly slow intrusion attempts? Between
    > direction finding capabilities of the Access Points and our roaming
    > guards it would be a matter of time before we detected them.
    >
    > Thanks
    >
    > Rocko
    >
    > _________________________________________________________________
    > Is your PC infected? Get a FREE online computer virus scan from
    > McAfeeŽ Security.
    > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
    >

  • Next message: Zachary Mutrux: "Re: OT:basic VPN question"

    Relevant Pages

    • RE: 802.11i research papers
      ... IT Infrastructure - Network Design ... Subject: 802.11i research papers ... with WPA which is the replacement to WEP (TKIP is ... WEP and other security features that the protocol has implemented. ...
      (Security-Basics)
    • RE: Wireless Security for Home Users
      ... User 128-bit WEP if your equipment supports it. ... the casual wardrivers to pass you by; there's always an unencrypted network ... Use any vendor-specific security improvements available to you. ... I believe if you use a 3Com WAP and 3Com client cards, ...
      (Security-Basics)
    • Re: Is Dynamic WEP Secure Enough?
      ... Forgive me for my ignorance and please correct me if I am wrong OR if I have wrongly understood these/ any of the replies to the Dynamic WEP question ... different users changing their keys at different points in time ... The physical security that is existing on the ground that can contribute and hence the probability of finding out a parking lot hacker ... WEP can be cracked in less than ten minutes (even on a network without ...
      (Security-Basics)
    • RE: Replacing WEP was Re: Dsniffng wireless networks
      ... Here you assume that you have some security by using WEP. ... always be treated like a public network and secured accordingly. ... and open VPN tunnels into the private network. ...
      (Pen-Test)
    • Re: wep still does not work
      ... wireless network open, that works perfectly. ... As Im under breezy, Ive tried the brand new dapper live cd, knoppix ... generate 64-bit keys, so if you're using 128-bit keys, the string ... I used WEP quite effectively in Breezy on a PPC system, ...
      (Ubuntu)