210    Chapter 4 • Communication Security: Wireless


             Figure 4.12 Configuring Shared-Key Authentication on WAP11 AP


































                 Armed with a valid WEP key, an intruder can successfully negotiate association
             with an AP and gain entry to the target network. Unless other mechanisms like
             MAC filtering are in place, this intruder can roam across the network and poten-
             tially break into servers or other systems.


                WEP Key Compromise
           Damage & Defense…  the same static WEP key in a production role for an extended period of
                Because casual attackers are now capable of WEP key retrieval, keeping

                time does not make sense. A static WEP key could be published into the
                underground by a hacker and still be used in a production WLAN six
                months later if there are no policies in place mandating regular change
                of keys. One of the easiest ways to mitigate the risk of WEP key compro-
                mise is to regularly change the WEP key on all APs and wireless clients.
                Although this is an easy task for administrators of small WLANs, it
                becomes extremely daunting on a large enterprise-size network. Both
                Cisco Systems and Funk Software have released access control servers that
                implement rapid WEP rekeying on both APs and the end-user clients.
                Even if a WEP key is discovered, utilizing this form of software within a
                specified period of time will render that particular key to be invalid.



          www.syngress.com