Page 200 - StudyBook.pdf
P. 200
184 Chapter 4 • Communication Security: Wireless
tion to the functionality of the 802.11 standard, including a standard definition of
WEP, the privacy created, and the authentication.
WEP provides security and privacy in transmissions held between the AP and
the clients.To gain access, an intruder must be more sophisticated and have specific
intent to gain access. Some of the other benefits of implementing WEP include the
following:
■ All messages are encrypted using a CRC-32 checksum to provide some
degree of integrity.
■ Privacy is maintained via the RC4 encryption.Without possession of the
secret key, the message cannot be easily decrypted.
■ WEP is extremely easy to implement.All that is required is to set the
encryption key on the APs and on each client.
■ WEP provides a basic level of security for WLAN applications.
■ WEP keys are user-definable and unlimited.WEP keys can, and should, be
changed often.
EXAM WARNING
Do not confuse WAP and WEP. While it may seem that WEP is the pri-
vacy system for WAP, you should remember that WTLS is the privacy
mechanism for WAP and WEP is the privacy mechanism for 802.11
WLANs.
Creating Privacy with WEP
WEP provides for three implementations: no encryption, 40-bit encryption, and
128-bit encryption. Clearly, no encryption means no privacy.When WEP is set to
no encryption, transmissions are sent in the clear and can be viewed by any wireless
sniffing application that has access to the RF signal propagated in the WLAN
(unless some other encryption mechanism, such as IPSec, is being used). In the case
of the 40- and 128-bit varieties (just as with password length), the greater the
number of characters (bits), the stronger the encryption.The initial configuration of
the AP includes the setup of the shared key.This shared key can be in the form of
either alphanumeric or hexadecimal strings, and must be matched on the client.
www.syngress.com
