A shared secret rarely stays secret for long: the more widely it is shared, the shorter its useful life.
Three major weaknesses are identified in the WEP system:
• the fact that the secret is shared, which introduces a weakness into the so-called secret itself
• the way the static key is distributed (it is renewed only at the discretion of the network administrator)
• the encryption protocol itself, which is considered weak.
Equipment manufacturers often reinforce the second point by allowing not one key but several to be configured, with only the index of the key currently in use being indicated. In other words, the administrator can configure the different nodes of the network with a set of several keys (4 in the case of the access point used here) and indicate which one is currently active.
This added protection only helps if the active key is changed often and, as far as possible, at random. But changing the active key remains a manual process that must be carried out on every node of the network.
The key length is currently said to be 64 or 128 bits, which is both true and false.
RC4 requires a 24-bit "initialization vector" (IV), which is generated by the RC4 layer itself; the key actually defined by the administrator is therefore only 40 or 102 bits long. The shared key can also be used for a pseudo-authentication of the nodes on the network.
If the so-called "shared key" authentication is chosen, then when a client tries to connect to an access point, the access point sends it a plaintext challenge, which the client encrypts and returns to the access point.
The access point can then check that the client indeed holds the key, and the client, if accepted by the access point, deduces that the access point holds the same key as it does.
As a consequence, anyone eavesdropping on your network obtains a plaintext and its encrypted equivalent, which is first-rate information for discovering the famous key. This authentication method should therefore be avoided.
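To see concretely what an eavesdropper gains from the shared-key exchange described above, here is an added example (not code from the original article): a minimal RC4, the WEP per-frame key (24-bit IV prepended to the secret), a simulated challenge/response, and the keystream an observer derives from the pair. The secret key, IV and challenge are constructed values; WEP's CRC-32 integrity check and its 128-byte challenge are omitted for brevity.

```python
# Added illustration of the WEP shared-key authentication leak; not code from the article.
# All values are constructed. Real WEP also appends a CRC-32 ICV and uses a 128-byte challenge.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                       # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-frame RC4 key = 3-byte IV || shared secret (5 bytes for a so-called 64-bit key)."""
    assert len(iv) == 3
    return xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def shared_key_exchange(secret: bytes, iv: bytes, challenge: bytes):
    """Simulate the exchange: the AP sends `challenge` in clear, the client answers with its
    WEP encryption. Returns exactly what a passive observer sees on the air."""
    response = wep_encrypt(secret, iv, challenge)
    return challenge, iv, response

def observed_keystream(challenge: bytes, response: bytes) -> bytes:
    """What the observer learns without knowing the key: plaintext XOR ciphertext is the
    RC4 keystream the shared key produced for that IV, i.e. exactly the known
    plaintext/ciphertext material the text calls first-rate information."""
    return xor_bytes(challenge, response)

SECRET_KEY = b"\x0b\xad\xc0\xff\xee"       # constructed 5-byte (so-called 64-bit) WEP key
IV = b"\x00\x00\x01"                       # constructed IV chosen by the client
CHALLENGE = b"constructed-challenge-text"  # stands in for the AP's challenge

def demo() -> bool:
    """True when the observer's keystream equals the one only a key holder should produce."""
    challenge, iv, response = shared_key_exchange(SECRET_KEY, IV, CHALLENGE)
    return observed_keystream(challenge, response) == rc4_keystream(iv + SECRET_KEY, len(challenge))

if __name__ == "__main__":
    print("keystream for this IV exposed by shared-key auth:", demo())
```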
Beyond that, RC4 does its job and encrypts the frames circulating on the wireless network, at level 2 (transport).
Here we enter the realm of computing. The eavesdropper positions himself at a point from which he can capture frames on your network. He then records on his machine everything he captures, in order to exploit the weak points of the RC4 system as applied to the 802.11 standard. A tool like Airodump does this very well, and counts in real time the number of initialization vectors (IVs) collected, which can then help another tool (Aircrack) discover your key. It is estimated that, for a 64-bit key (40 bits in reality), a representative sample of 200 000 frames is enough to deduce the key within minutes.
Collecting the representative sample can take a "long time", which depends on the traffic generated on your network. The technique is (for now) purely passive: if your network is little used (the case, for example, of a personal wireless network that only serves to share an internet connection between two or three guests), the operation may take several weeks. On a corporate network, it naturally goes faster.
In such a case, whatever the "natural" traffic generated on your network, the attacker will probably manage to collect his sample in one or two days at most.
WEP can reasonably be used only in very limited cases and under strict administrative constraints:
• intrusion into the network must present little interest, since this is a major factor in the intruder's motivation. Your home network is probably not the most interesting prey, which will certainly be less true of your business network
• traffic must naturally be as low as possible
• it is better to check that the traffic is consistent with the use you make of your network
• the shared key must be changed as often as possible, because in the worst case the life expectancy of a 64-bit key can be estimated at only about a day. Using a 128-bit key, which requires a larger representative sample, adds (a little) to that life expectancy
• the number of nodes should be as low as possible (the less a secret is shared, the less likely it is to leak).
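An added worked calculation (not from the article) that puts numbers on the constraints above: how long an eavesdropper needs to gather the 200 000-frame sample at a given traffic level, and how quickly the 24-bit IV space starts repeating, which is what bounds a sensible key-rotation interval. The frame rates are assumed values; the 200 000-frame figure is the one quoted in the text.

```python
# Added example, not from the article: sizing WEP key rotation from traffic volume.
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS            # 16 777 216 distinct initialization vectors
SAMPLE_FRAMES = 200_000            # representative sample quoted in the text for a 40-bit key

def hours_to_collect(frames: int, frames_per_second: float) -> float:
    """Hours of observed traffic an eavesdropper needs to capture `frames` frames."""
    return frames / frames_per_second / 3600.0

def iv_reuse_probability(frames: int) -> float:
    """Birthday bound: probability that at least one IV repeats among `frames` frames
    when IVs are chosen uniformly at random (exact product, evaluated in log space)."""
    if frames >= IV_SPACE:
        return 1.0
    log_no_repeat = sum(math.log1p(-k / IV_SPACE) for k in range(frames))
    return 1.0 - math.exp(log_no_repeat)

def frames_until_reuse(p_max: float) -> int:
    """Frame count at which the IV-reuse probability reaches p_max
    (inverting the usual approximation p = 1 - exp(-n^2 / 2N))."""
    return int(math.sqrt(2.0 * IV_SPACE * math.log(1.0 / (1.0 - p_max))))

def rotation_interval_hours(frames_per_second: float, p_max: float = 0.5) -> float:
    """Hours after which the key should be rotated so that IV reuse stays below p_max.
    This is tighter than the time needed for the full 200 000-frame sample."""
    return min(frames_until_reuse(p_max), SAMPLE_FRAMES) / frames_per_second / 3600.0

if __name__ == "__main__":
    # Assumed traffic levels; the "busy home" rate is the one at which the sample takes about a day.
    for label, fps in (("quiet home network", 0.05), ("busy home network", 2.3), ("corporate LAN", 50.0)):
        print(f"{label:20s} sample in {hours_to_collect(SAMPLE_FRAMES, fps):8.1f} h, "
              f"rotate every {rotation_interval_hours(fps):7.2f} h")
```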
You guessed it: WEP is to be avoided in business and is usable, with precautions, only in
There are several variants of the 802.11 standard. Among the most common:
• 802.11b. As its name does not suggest, it is the oldest and most widespread; it is the one used for this presentation. It offers a theoretical rate of 11 Mbps and uses the 2.4 GHz frequency band
• 802.11a. Faster (theoretical throughput of 54 Mbps), it uses the 5 GHz band and is not compatible with the 802.11b standard
• 802.11g. It also offers a theoretical throughput of 54 Mbps, but in the 2.4 GHz band, which allows it to remain compatible with 802.11b equipment.
All of these standards include the WEP protection system, whose limits we have seen. Given the risks involved, a stronger encryption system, WPA, was developed, which is to be included in the 802.11i standard.
WPA is more "solid" than WEP, but to be fully effective it needs a heavier infrastructure, including an authentication server such as a RADIUS server (as used for PPP-type connections). This is nevertheless necessary to achieve acceptable security in the workplace.
In a home environment, WPA can still be deployed without an authentication server. It then comes down to a system close to WEP (in its implementation), but with a far more robust encryption system.
WPA is included on recent 802.11g equipment, but can also be added to the 802.11a and 802.11b standards.
For the record, WPA is already in its second version, the first having proved too unreliable just days after its announcement.
Finally, in a professional environment, it is necessary to adopt the most effective method, namely WPA with an authentication server, which makes it possible to authenticate not only the station that connects but also the person using it (which WEP does not do), and provides encryption that is hard to crack.
In a home environment, WPA can be used without an authentication server, with a "pass phrase" (a kind of password, much longer than a regular one), provided all the available equipment supports this method; otherwise one falls back on WEP, with the longest possible key, and must remember to change it fairly regularly. It is too risky, even for home use, to set up a wireless network without encryption.
This has nothing to do with security, but this technique, which, let us recall, uses multiple antennas and multiple transmitters (on the same channel or not, depending on the implementation) in order to cope as well as possible with the problems caused by reflection and absorption of the waves by obstacles, seems very promising according to the tests published on the subject.
The major drawback, at the time these lines are written, is that the process is not fully standardized and that the solutions proposed by the various manufacturers are not necessarily compatible with one another, and worse, may even be completely incompatible.
Unless you commit to using the equipment of a single manufacturer, it therefore seems better to wait for this technology to mature, which should happen with 802.11n.