Wireless (WiFi) (802.11b) Network Security IssuesDealt with by Certified CWNA Engineer ..

It has come to my attention that 82% of the 802.11b (WiFi) wireless networks operating at a very recent networking exhibition were running without basic WEP encryption. While some of these networks would have been for public use and experimentation, it seems unlikely that none of them would have been connected in some way to corporate networks.

Some of these networks may have been running other forms of security over the network, for example, VPNs between the clients and the corporate networks and their firewalls, this may not have been the case for all the exhibitors and data on locally connected PCs may have been exposed.

With the advent of cheap and easy-to-use wireless networking products, the growth of wireless network deployment in recent months has been rapid. However "plug and play" utilisation of this technology has meant that the minimal security of this technology in its "out of the box" / default configuration is nearly always employed.

This situation can be improved in the following ways :-

First and foremost, WEP (Wired Equivalent Privacy), provides some cryptographic protection to wireless traffic. It comes in two modes, .. weak and less weak, with a key exchange system ultimately authenticated by a high level shared key. Both are crackable.

The access points (wireless routers) are capable of limiting access to the wireless LAN based on the MAC (hardware) address of the card. However, WEP can be cracked fairly easily as there are no wires to physically protect and the signal area is not easy to limit to the company's premises. This makes possible external access to the LAN "wire" and the WEP can then be cracked quickly as the encryption method used is weak.