Page 217 - StudyBook.pdf
P. 217
Communication Security: Wireless • Chapter 4 201
■ The use of predictable IVs, leading to chosen-plaintext attacks
■ 40-bit DES encryption
■ Susceptibility to probable plaintext attacks
■ Unauthenticated alert messages
The WAP Forum is currently working on a new version of WAP that may
address these and other weaknesses in WTLS.The draft titled “The WAP Transport
Layer E2E Security Specification” describes an architecture where the WAP gateway’s
role is minimized.
TEST DAY TIP
The Security+ exam covers WAP and its security mechanism, WTLS.
WEP Vulnerabilities
As does any standard or protocol,WEP has some inherent disadvantages.The focus
of security is to allow a balance of access and control while juggling the advantages
and disadvantages of each implemented countermeasure for security gaps. Some of
WEP’s disadvantages include:
■ The RC4 encryption algorithm is a known stream cipher.This means it
takes a finite key and attempts to make an infinite psuedorandom key
stream in order to generate the encryption.
■ Altering the secret must be done across the board; all APs and clients must
be changed at the same time.
■ Used on its own,WEP does not provide adequate WLAN security.
■ WEP has to be implemented on every client and every AP, to be effective.
WEP is part of the IEEE 802.11 standard defined for wireless networks in
1999.WEP differs from many other kinds of encryption employed to secure net-
work communication, in that it is implemented at the MAC sublayer of the data
link layer (layer 2) of the OSI model. Security can be implemented at many dif-
ferent layers of the model. For example, Secure Internet Protocol (IPSec) is imple-
mented at the network layer (layer 3) of the OSI model. Point-to-Point Tunneling
Protocol (PPTP) creates a secure end-to-end tunnel by using the network layer
www.syngress.com
