Page 221 - StudyBook.pdf
P. 221

Communication Security: Wireless • Chapter 4  205

                    It does not really matter whether a wireless network is using 64- or 128-bit
                 encryption (in reality, these constitute 40- and 104-bit encryption once the 24 bits
                 for the IV is subtracted). Both use a 24-bit long IV. Given the amount of traffic on
                 a wireless network and the probability of IV collisions within a relatively short
                 period of time, a 24-bit IV is far too short to provide meaningful protection against
                 a determined attacker.


                   More Information on WEP
               Head of the Class…  want to start with Jesse Walker’s famous whitepaper entitled “Unsafe at
                   There are many excellent resources available on the Internet that you can
                   consult if you wish to learn more about WEP and its weaknesses. You may

                   Any Key Size; An Analysis of WEP Encapsulation,” which started the ini-
                   tial uproar about the weaknesses of WEP. This paper can be found at
                   http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/0-
                   362.zip. Another excellent source of information is “Intercepting Mobile
                   Communications: The Insecurity of 802.11” by Nikita Borisov, Ian
                   Goldberg, and David Wagner. This paper can be found at
                   http://www.cs.berkeley.edu/~daw/papers/wep-mob01.pdf. “Your 802.11
                   Wireless Network Has No Clothes,” by William A. Arbaugh, Narendar
                   Shankar, and Y.C. Justin Wan covers similar ground to the previous two
                   papers, but also introduces important information on problems with
                   access control and authentication mechanisms associated with wireless
                   networks. This paper can be found at http://www.cs.umd.edu/~waa/
                   wireless.pdf.

                 Should You Use WEP?
                 The existence of these vulnerabilities does not mean WEP should not be used. One
                 of the most serious problems with wireless security is not that it is insecure, but
                 that a high percentage of wireless networks discovered by wardrivers are not using
                 WEP.All wireless networks should be configured to use WEP, which is available for
                 free with wireless devices.At the very least,WEP prevents casual wardrivers from
                 compromising a network and slows down knowledgeable and determined attackers.
                 The following section looks at how to configure APs and Windows XP wireless
                 clients to use static WEP keys.












                                                                              www.syngress.com
   216   217   218   219   220   221   222   223   224   225   226