Solved

Open WEP analyzed.  802.1X WEP, is it secure?

Posted on 2008-10-28
6
1,369 Views
Last Modified: 2008-12-23
I have read the Open WEP vs WEP Shared and am a little confused about Open WEP as I have never had someone verify my interpretation of Open WEP.  Some say use Open WEP and others say use Shared WEP.  Here is what I am unsure of: With Open WEP no key is supplied, so anyone can attach to the AP and the network behind it.  So, is the Wireless connection encrypted?  If so, I assume the encryption process is based of some random key.  Is the key Random for each wireless user?.  Meaning, 2 or more users are using different random keys?  If not, and the key is the same, then there seems to be little point to using it as I suppose someone can use a sniffer to see your traffic.... if the keys are the same.  If they are not the same, then I am going to assume that Open WEP is very secure from a WIRELESS SNIFFING standpoint.  Meaning, it is very difficult for 2 wireless users to see each others wireless traffic.  I believe this to be true.  Here is why, and completes the title of my question.
I am setting up 802.1X on a brand new Cisco 4404 Wireless controller that is using new 1131 APs in LWAPP mode of course.  I am using certificates that will be pushed down via MS Group Policy to the clients.  So far so good right.   Here is the odd thing.  In Autonomous mode the APs allow for 802.1X WPA.  VERY secure!  However the controller only allows the use of 802.1X WEP..... NO 802.1X WPA option.  So, I know the authentication process is secure, but what about the WEP part.   That leads me to believe that WEP is secure from an encryption standpoint so long as the keys are not known. Back to the above statements... the keys must be random and undetectivle via a sniffer.   So, Shared WEP is not secure because the key can be easily seen via a wireless sniffer.  Open WEP is secure but allows anyone access to the AP...and the network behind it.  One is then reliant on the security of the wired network.  Is this assumption above correct?  So, with 802.1X, the authentication is very strong, and the WEP part must be very strong.  Are my assumptions correct or am I way off.  Hate to be so verbose, but I did not know how to shorten the issue and confusion down.
0
Comment
Question by:Clearwinds
  • 3
6 Comments
 
LVL 19

Expert Comment

by:CoccoBill
ID: 22828746
WEP (Wired Equivalent Privacy) is ridiculously insecure and should not be used as a security measure anywhere:
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy#Flaws

WPA (Wi-Fi Protected Access) is also weak, but possibly adequate in cases where security is not the main concern. Just make sure you use a strong passphrase and change it often:
http://www.wifinetnews.com/archives/002452.html

WPA2 with AES as of now has no known vulnerabilities, and can be considered secure. If security is a concern to you, this is the recommended option.
0
 
LVL 19

Expert Comment

by:CoccoBill
ID: 22828762
Open vs shared WEP means pretty much what you said, typically they're referred to as open key vs shared key. Open key WEP uses the key just for encryption and provides no authentication, anyone who knows the SSID can connect. Shared key uses the key both for authentication and encryption. Use WPA2-PSK (PSK=pre-shared key).
0
 
LVL 25

Expert Comment

by:Ron M
ID: 22838147
WEP, whether open or shared key is the least secure wireless encryption...
Also worth noting.....  WPA2-PSK used in conjunction with MAC filtering can allow snooping of MAC ID's...which are sent unencrypted with each packet....

...I think the wiki explains it best...no point in rewriting it for you...
http://en.wikipedia.org/wiki/Wireless_LAN_Security#Access_Control_at_the_Access_Point_level

Just remember,...no matter what the encryption method you use...it's only as secure as the complexity of the Pre-Shared KEY you are using....  so don't just use single word or simple phrase....
0
 
LVL 19

Accepted Solution

by:
CoccoBill earned 125 total points
ID: 22838488
Pardon my french but that wikipedia article is bs. MAC filtering and SSID hiding have nothing to do with security, for anyone wanting to break in they are merely a short distraction, but both of them make the network less user friendly and harder to manage. The passphrase weakness pertains to WPA-PSK and WPA2-PSK, but obviously goes for any passwords used anywhere, use ones that are strong enough.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now