Security Basics mailing list archives
RE: Dumb question abt. Wireless WEP security
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 22 Jan 2004 12:25:15 -0800
After being a wireless engineer for over a year I'll offer some humble advice. The Cisco Aironet LEAP system, or any system that will rotate pre-designed keys after a while can be broken, it just takes a lot longer. I haven't tired to hack a wireless network in over a year so I don't know if the technology improved any, but when deploying wireless you need to think of more then WEP the placement and technology of your devices matters a lot. You can use WEP in coordination with other technologies, VPN, IPSEC, etc to make your network more secure. For customer (SMB/SOHO) locations we used normal WiFi gear. We used MAC control, disabled the broadcasting of the SSID and enabled WEP and that was a good 'secure by default' solution. The attacker would need to guess the SSID, then get around the MAC control then guess the WEP key before being able to get access to the network. Still not the most secure but fine for most people out there. At a 'big' business deployment we used two Aironet 350's to bridge to distant buildings. The buildings were at a fairly remote location and no 'other' people were between the two buildings. We ran at 2.4Ghz (which is clear in that 'small' area) and used directional Yagi antennas to complete the connection, which kept the signal in a directional and controlled manor. The antennas were mounted in front of a wall so the signal pretty much stopped at the wall. You only had a little play between the two yagi's before your signal faded, which was security all on its own. We also used the LEAP/WEP Rotation and other Cisco features to secure the connection. Using materials to 'soak up' the signal you can prevent the signal from propagating and keep it extremely controlled. Some of the casino's in my area use this technique and you would have to be floating in mid air right between the buildings to even see the signal. The wavelength of a 2.4Ghz band transmitter is smaller then that of say a 5Ghz. Basically the lower you go the smaller 'footprint' your signal has. So the 2.4Ghz signal can pass through more things then the 5.0Ghz signal. We proved this true when using our two wireless internet broadband products at the ISP I worked for. Basically, you should always watch where you place your AP and know how your signal will propagate. I strongly suggest anyone wanting a P-T-P/P-T-M wireless solution take a look at http://www.trangobroadband.com/ or http://www.orinocowireless.com. We used the Trango solution for our wireless internet. It runs at 5.0Ghz and uses a custom encryption sequence that protects the entire packet in the air. Not only is 5.0Ghz out of band for the vast majority of wardrivers out there, they can't connect to the AP unless you've added their MAC and UnitID to the AP. We used the Tsunami gear for very long distance (12+ miles) for T3 speed connections running in the 12Ghz range, very secure. Another system we looked at was from SonicWall. It used wifi for the actual connection medium but then used VPN layered on top of that as the transport medium, it was very secure but you could only have 12 or so units connected, and using VPN, at a time. Which might have changed, but we demoed their first version of the unit. I'm sorry if I trailed too much for you but there is some reason to my madness. WEP is a 'part' of wireless security and not THE security. Too many people, IMNSHO, think and talk like it is the end-all of wireless security and therein the problem lies. If you setup just an AP with just WEP you are not using what you have effectively. If you setup a WiFi properly, even the SOHO ones, you can make yourself pretty secure, you have the tools, use them wisely. I'll step off the soapbox when someone gives me a cookie! :-) Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 -----Original Message----- From: Vizo Bilisim Ltd. [mailto:vizo () vizo com] Sent: Tuesday, January 20, 2004 6:24 AM To: security-basics () securityfocus com Subject: Dumb question abt. Wireless WEP security Hi all, There seems a general understanding that WEP is not secure enough, because theoretically WEP encyrption can be broken. The question is abot the practical usage; how easy it is for WEP to be broken? Does it suffice to sniff the wireless network for one hour, or do we need to sniff for few days? What happens if the wireless network is periodically stopped let's say every 10 hours for 15 minutes, Regards, Veli I. Cigirgan Vizo Bilisim Sistemleri Ltd. Istanbul Tel:+90(212)210 2657 Fax:+90(212)210 3678 ------------------------------------------------------------------------ --- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Dumb question abt. Wireless WEP security Vizo Bilisim Ltd. (Jan 20)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- RE: Dumb question abt. Wireless WEP security Michael P. Kassner (Jan 22)
- Re: Dumb question abt. Wireless WEP security Greg Tracy (Jan 22)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Steve Frank (Jan 20)
- RE: Dumb question abt. Wireless WEP security Sarbjit Singh Gill (Jan 21)
- <Possible follow-ups>
- RE: Dumb question abt. Wireless WEP security jburzenski (Jan 20)
- RE: Dumb question abt. Wireless WEP security Rosenhan, David (Jan 20)
- RE: Dumb question abt. Wireless WEP security Giraldo Alonso Suárez (Jan 22)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 22)
- Re: Dumb question abt. Wireless WEP security crtech (Jan 26)
- RE: Dumb question abt. Wireless WEP security Bruyere, Michel (Jan 26)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 26)