Security Basics mailing list archives
Re: Is Dynamic WEP Secure Enough?
From: John Pettitt <jpp () cloudview com>
Date: Mon, 21 Mar 2005 14:31:56 -0800
Jon Smith wrote:
Hi I am responsible for a large wireless infrastructure upgrade. Right now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID (I have others with much lower security requirements). I cannot easily go to WPA without ditching all my current devices that do not support it (good luck getting that past the CFO). We have a lot of physical security and surveillance with very tight controls, my primary area of concern would be people like myself sitting in the parking lot. Due to one of our applications, we will be sending a clear strong signal to the parking lot. Is this enough security and encryption to significantly slow intrusion attempts? Between direction finding capabilities of the Access Points and our roaming guards it would be a matter of time before we detected them. Thanks Rocko
All wireless networks are public and should be treated as such. Two things to consider: 1) Even with a dynamically generated WEP key you're still vulnerable to active attacks that can force the generation of lots of traffic and or just mess with your network. See http://www.securityfocus.com/infocus/1824 2) If you can access from the parking lot with a regular laptop you can access from the next town with a parabolic antenna. Unless you guards roam huge distances you won't be able to protect the signal. - See http://www.radiolabs.com/products/antennas/2.4gig/stage4.php Suggestion: forget WEP - get a good ipsec based vpn system, put the access points on a DMZ lan and require use of the VPN client to get access to anything other than a "help page" web server.
Current thread:
- Is Dynamic WEP Secure Enough? Jon Smith (Mar 21)
- Re: Is Dynamic WEP Secure Enough? John Pettitt (Mar 21)
- Re: Is Dynamic WEP Secure Enough? Vladamir (Mar 21)
- Re: Is Dynamic WEP Secure Enough? Kelly Martin (Mar 21)
- Re: Is Dynamic WEP Secure Enough? Vladamir (Mar 22)
- RE: Is Dynamic WEP Secure Enough? David Gillett (Mar 22)
- Re: Is Dynamic WEP Secure Enough? Steve (Mar 22)
- <Possible follow-ups>
- Re: Is Dynamic WEP Secure Enough? Jon Smith (Mar 22)
- Re: Is Dynamic WEP Secure Enough? shankarnarayan.d (Mar 23)
- Re: Is Dynamic WEP Secure Enough? John Pettitt (Mar 23)
- Re: Is Dynamic WEP Secure Enough? Vladamir (Mar 23)
- Re: Is Dynamic WEP Secure Enough? Kinnell (Mar 28)