Recently, Support Republic ran a poll asking TechRepublic members how secure they believe wireless networking is. Ninety-three percent of respondents said that they believed wireless is either somewhat or completely vulnerable. This article will be taking a further look at wireless security and the problems it faces in today’s network environment.
How does the 802.11b standard provide security?
WEP, which stands for Wired Equivalent Privacy, is a security protocol that tries to emulate the security found in today’s standard wire-based networks. To access a wireless network, access points contain an ESSID, a service ID that allows wireless clients to access a specific point.
Administrators also have an option of supplying the MAC addresses of wireless clients to be stored in an access control list. Users on this list will have full access to a network; anyone whose MAC address isn’t on the list will be left out in the cold.
In addition, WEP provides encryption security by using a 40-bit shared-key RC4 PRNG algorithm. This encryption scrambles the data transmitted on a wireless network. If the data is intercepted, it can’t be unscrambled without the encryption key, which is available only on the access point. Other encryption services can be used on a wireless network as well, such as IPSec or MPPE (with PPTP).
What are the problems?
Despite the wide range of security built into the WEP standard, you may have heard how susceptible wireless networks can be when a hack is attempted. While some of these reports can be easily dismissed, others are valid and are often the result of poor planning of a wireless networking infrastructure.
- Major complaint #1—Anyone can gain access to a wireless network.
Although it’s true that all wireless network cards can receive data from an access point or gateway within a reasonable distance, the data being sent out is encrypted, assuming an administrator sets up the configuration correctly. With the proper network security settings, such as WEP, in place, along with user access restrictions, firewall protection, and tight encryption, normal hackers may find it difficult to gain access to a wired network, even if they’re within transmit distance.
- Major complaint #2—WEP is too easy to hack.
This complaint is also true, but cracking WEP generally happens when the administrator setting up the WEP hasn’t been thorough when configuring the network infrastructure. Hackers are usually able to hack a wireless network if WEP is turned off or an administrator solely relies on WEP to provide the security for his or her network. Keep in mind that WEP was designed to run hand-in-hand with other security features available on most networks.
- Major complaint #3—The security standard is too weak.
A team at U.C. Berkeley says it’s managed to hack the security standards of WEP using relatively cheap machines that decrypt the traffic flowing on a wireless network. For more information on the team’s research, visit the U.C. Berkeley Web site.
A valuable WEP security resource
If you’re interested in learning more about how the WEP standard works, many valuable resources are available on the Internet. One of the most helpful is the Overview of IEEE 802.11b Security, available for download on the Intel Web site.
Now that you know a little more about WEP issues, we’d love to hear your thoughts regarding this technology. Do you believe that WEP will be adapted to improve security for wireless networks? Or do you think other routes should be taken to make wireless networking more secure? Feel free to leave a note below or send us an e-mail with your thoughts.