Re: Is Dynamic WEP Secure Enough?

From: Jon Smith (like2hax_at_hotmail.com)
Date: 03/22/05

  • Next message: Eduardo Kienetz: "Per protocol/port bandwidth usage"
    To: security-basics@securityfocus.com
    Date: Tue, 22 Mar 2005 01:59:09 +0000
    
    

    So if I follow the thread, WEP is OK ... j/k.

    Upon further digging with my staff, we have very few wireless devices even
    on that network. Therefore scrapping them won't hurt as much as I thought.
    Mr. Martin's last post does raise a question; how fast can you rotate keys?
    Why not every 3 minutes? I assume overhead would be a problem.

    Lastly, my preferred solution is Trapeze Networks. There system seems very
    slick with the multiple security systems I need. The next closest was
    Extreme Networks, but they don't seem to be as advanced. Plus we have all
    their switches and the APs are same fruity purple. The questions is, has
    anybody had any experience with Trapeze (good or bad), they seem to be newer
    company. Any intel would be awesome.

    Thanks

    Rocko

    >From: Kelly Martin <kel@securityfocus.com>
    >To: Jon Smith <like2hax@hotmail.com>,security-basics@securityfocus.com
    >Subject: Re: Is Dynamic WEP Secure Enough?
    >Date: Mon, 21 Mar 2005 16:53:24 -0700
    >
    >No, WEP can be cracked in less than ten minutes (even on a network without
    >much traffic - a hacker can stimulate his own traffic). Rotating keys just
    >isn't enough to cover the weaknesses, unless you want to rotate keys every
    >three minutes. :) Personally I think WPA is the only way to go, or else you
    >might as well keep the network open and turn WEP off entirely.
    >
    >We published the following articles by Michael Ossmann on SecurityFocus
    >recently:
    >
    >WEP: Dead Again, Part 1 http://www.securityfocus.com/infocus/1814
    >WEP: Dead Again, Part 2 http://www.securityfocus.com/infocus/1824
    >
    >Regards,
    >
    >Kelly Martin
    >

    _________________________________________________________________
    Express yourself instantly with MSN Messenger! Download today - it's FREE!
    http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


  • Next message: Eduardo Kienetz: "Per protocol/port bandwidth usage"

    Relevant Pages

    • RE: Wireless Pent-Test
      ... If this is for home use have them turn WEP and MAC Address filtering on. ... You need to secure access to your protected network. ... So your VPN is ... his wireless network packets to make sure it is 128 bit encryption... ...
      (Pen-Test)
    • Re: HP2210 w/Linksys WCF54G wifi card (JC)
      ... the WEP settings are virtually identical...ie. ... "Jeff Cunningham" wrote in message ... Yes I am using WEP 128bit encryption. ... When I check one of the profiles, no "Network name" shows up and I ...
      (microsoft.public.pocketpc.wireless)
    • RE: 802.11i research papers
      ... IT Infrastructure - Network Design ... Subject: 802.11i research papers ... with WPA which is the replacement to WEP (TKIP is ... WEP and other security features that the protocol has implemented. ...
      (Security-Basics)
    • Re: Wireless and "not so much on" internal attacks
      ... 128bit WEP. ... The question about internal attacks stems from the fact that customers have ... Wireless and "not so much on" internal attacks ... While on the network an attack would become more of an ...
      (Security-Basics)
    • Re: Netgear WGXB102 connection problems when using WEP
      ... DI-524 wireless network that is working fine with WEP encryption on ... network) I've worked through the install procedure and here's what I ...
      (alt.internet.wireless)