Security Basics mailing list archives

RE: Dumb question abt. Wireless WEP security


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 22 Jan 2004 12:25:15 -0800


        
        After being a wireless engineer for over a year I'll offer some
humble advice. The Cisco Aironet LEAP system, or any system that will
rotate pre-designed keys after a while, can be broken; it just takes a
lot longer. I haven't tried to hack a wireless network in over a year so
I don't know if the technology improved any, but when deploying wireless
you need to think of more than WEP; the placement and technology of your
devices matters a lot. You can use WEP in coordination with other
technologies, VPN, IPSEC, etc. to make your network more secure. For
customer (SMB/SOHO) locations we used normal WiFi gear. We used MAC
control, disabled the broadcasting of the SSID and enabled WEP and that
was a good 'secure by default' solution. The attacker would need to
guess the SSID, then get around the MAC control then guess the WEP key
before being able to get access to the network. Still not the most
secure but fine for most people out there.

        At a 'big' business deployment we used two Aironet 350's to
bridge to distant buildings. The buildings were at a fairly remote
location and no 'other' people were between the two buildings. We ran at
2.4GHz (which is clear in that 'small' area) and used directional Yagi
antennas to complete the connection, which kept the signal in a
directional and controlled manner. The antennas were mounted in front of
a wall so the signal pretty much stopped at the wall. You only had a
little play between the two Yagis before your signal faded, which was
security all on its own. We also used the LEAP/WEP Rotation and other
Cisco features to secure the connection. Using materials to 'soak up'
the signal you can prevent the signal from propagating and keep it
extremely controlled. Some of the casinos in my area use this technique
and you would have to be floating in mid air right between the buildings
to even see the signal.

        The wavelength of a 2.4GHz band transmitter is smaller than that
of say a 5GHz. Basically the lower you go the smaller 'footprint' your
signal has. So the 2.4GHz signal can pass through more things than the
5.0GHz signal. We proved this true when using our two wireless internet
broadband products at the ISP I worked for. Basically, you should always
watch where you place your AP and know how your signal will propagate.

        I strongly suggest anyone wanting a P-T-P/P-T-M wireless
solution take a look at http://www.trangobroadband.com/ or
http://www.orinocowireless.com. We used the Trango solution for our
wireless internet. It runs at 5.0GHz and uses a custom encryption
sequence that protects the entire packet in the air. Not only is 5.0GHz
out of band for the vast majority of wardrivers out there, they can't
connect to the AP unless you've added their MAC and UnitID to the AP. We
used the Tsunami gear for very long distance (12+ miles) for T3 speed
connections running in the 12GHz range, very secure.

        Another system we looked at was from SonicWall. It used wifi for
the actual connection medium but then used VPN layered on top of that as
the transport medium, it was very secure but you could only have 12 or
so units connected, and using VPN, at a time. Which might have changed,
but we demoed their first version of the unit.

        I'm sorry if I trailed too much for you but there is some reason
to my madness. WEP is a 'part' of wireless security and not THE
security. Too many people, IMNSHO, think and talk like it is the end-all
of wireless security and therein the problem lies. If you set up just an
AP with just WEP you are not using what you have effectively. If you
set up a WiFi properly, even the SOHO ones, you can make yourself pretty
secure, you have the tools, use them wisely.

        I'll step off the soapbox when someone gives me a cookie! :-)

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
             (800) 325-1199 x338


-----Original Message-----
From: Vizo Bilisim Ltd. [mailto:vizo () vizo com] 
Sent: Tuesday, January 20, 2004 6:24 AM
To: security-basics () securityfocus com
Subject: Dumb question abt. Wireless WEP security

Hi all,

There seems to be a general understanding that WEP is not secure enough,
because theoretically WEP encryption can be broken.

The question is about the practical usage; how easy is it for WEP to be
broken?

Does it suffice to sniff the wireless network for one hour, or do we
need to sniff for a few days? What happens if the wireless network is
periodically stopped let's say every 10 hours for 15 minutes,

Regards,

Veli I. Cigirgan
Vizo Bilisim Sistemleri Ltd.
Istanbul
Tel:+90(212)210 2657
Fax:+90(212)210 3678 

