Page 263 - StudyBook.pdf
P. 263
Communication Security: Wireless • Chapter 4 247
Q: Why is WEP insecure?
A: WEP is insecure for a number of reasons.The first is that 24-bit IV is too
short. Because a new IV is generated for each frame and not for each session,
the entire IV key space can be exhausted on a busy network in a matter of
hours, resulting in the reuse of IVs. Second, the RC4 algorithm used by WEP
has been shown to use a number of weak keys that can be exploited to crack
the encryption.Third, because WEP is implemented at layer 2, it encrypts
TCP/IP traffic, which contains a high percentage of well-known and pre-
dictable information, making it vulnerable to plaintext attacks.
Q: How can I prevent unauthorized users from authenticating and associating with
my AP?
A: There are a number of ways to accomplish this.You can configure your AP as a
closed system by disabling SSID broadcasts and choosing a hard-to-guess SSID.
You can configure MAC filtering to allow only those clients that use valid MAC
addresses access to the AP.You can enable WEP and shared-key authentication.
However, all of these methods do not provide acceptable levels of assurance for
corporate networks that have more restrictive security requirements than are usu-
ally found in SOHO environments. For corporate environments that require a
higher degree of assurance, you should configure 802.1X authentication.
Self Test
A Quick Answer Key follows the Self Test questions. For complete questions,
answers, and explanations to the Self Test questions in this chapter as well as
the other chapters in this book, see the Self Test Appendix.
1. You have created a wireless network segment for your corporate network and
are using WEP for security.Which of the following terms best describes the
APs and the clients who want to connect to this wireless network?
www.syngress.com
