The freedom of wireless networking is enticing, but the accompanying risks are daunting.
If you're running a wireless LAN on the 802.11 standards, you may think your organization is secure. Think again. Joe User can drive to the local computer store, buy a wireless access point for less than $100, and be free from Ethernet cables and any legitimate security within 15 minutes. And hunting down one of these rogue access points is not an easy task.
The problem with WEP
During the inception of the 802.11 standards for wireless networking, the IEEE had to resolve a fundamental issue of wireless security; it's vulnerable because it uses radio signals through open air space, as opposed to electrical signals through closed wires. The Wired Equivalent Privacy (WEP) standard was created to address this liability. It was supposed to make wireless networks as private as wired networks by using 40-bit and 128-bit encryption. Maybe it's due to a lack of peer review or some other misstep, but whatever the reason, that "equivalent privacy" is not so private after all.
To be precise, WEP can be broken very quickly after gathering 100 MB to 1,000 MB of data with freeware sniffers commonly distributed on the Web. Anybody with a $60 wireless PC card and a laptop can collect that data in three to 30 hours on a typical wireless network. From that point on, freeware utilities can easily break the WEP code.
Making things worse, range is not your friend-you're vulnerable to this type of intrusion from points way beyond your parking lot. Ten dollars' worth of stuff from Radio Shack and a Pringles potato chip can will boost an 802.11 card's 100-foot range to about 10 miles line of sight. And we won't even discuss what an industrial-grade directional antenna can do to you.
Because the 802.11 standard has no facility to centrally manage or distribute keys, WEP is fatally crippled by the fact that its keys are the same for all users and all sessions, and the keys never change. Attempting to manually change the WEP keys is highly impractical.
Many IT pros think they've found an answer with the use of VPNs, but VPNs for wireless LANs are not very practical, convenient, or totally secure. First of all, VPNs require users to take the extra step in making a VPN connection after securing a wireless LAN connection. In addition, any interruptions in service (which are common for wireless LANs) will terminate the VPN connection and force users to reconnect to the VPN server.
On the issue of security, only the traffic to the VPN server is encrypted, so the wireless LAN interface itself is left wide open, forcing the need to run a personal firewall on the WLAN interface. Many vendors have come up with solutions to address some of these security and convenience issues. But licensing is costly, and these products don't address the fundamental issue of wireless security. What is really needed is a WEP that works.
[an error occurred while processing this directive]
