WEP - stil insecure?

Discussion in 'Wireless Networks' started by jim, May 29, 2008.

  1. jim

    jim Guest

    Just t make sure I am not missing something, I thought I'd throw out these
    questions...

    Is WEP still as insecure as it was reported to be circa 2001?

    What if you have WEP into a network that requires logging in to the server
    (like a 2003 Windows server) - is WEP still an issue?

    Can you "make WEP secure"?

    Is there any valid reason to use WEP in a business environment?

    Thanks!

    jim
     
    jim, May 29, 2008
    #1
    1. Advertisements

  2. jim

    Barb Bowman Guest

    WEP can be hacked in under 30 seconds. I can't imagine why anyone
    would want to use it. If a business does not upgrade their hardware
    and users systems and is stuck on WEP, yes there is risk.

    --

    Barb Bowman
    MS-MVP
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/bowman.mspx
    http://blogs.digitalmediaphile.com/barb/
     
    Barb Bowman, May 29, 2008
    #2
    1. Advertisements

  3. jim

    F8BOE Guest


    No WEP 256 and WEP 512 bits are still secure here.
     
    F8BOE, May 29, 2008
    #3
  4. jim

    ps56k Guest

    I always find it interesting in these discussions - here and elsewhere -
    that folks are always saying that WEP is not secure...
    My question is - from whom ???

    How many "posters" that mention this have actually hacked a WEP network ?
    I mean, I can drive around and see over a dozen APs in my neighborhood,
    and sometimes try and connect to the ":unprotected" ones...
    For those that have WEP, I don't even bother -
    not really interesting in actually putting forth the time and effort "to say
    I can do it".
    Others may be more dedicated.

    SO - for me - at home - I run MAC address filtering -

    At our local school district, and at work I think they are running
    "something",
    but never really looked to see.... WEP, WPA, etc

    You might have a more dedicated audience at these locations,
    that really want to get into the network - and therefore Wxx security might
    be justified.
     
    ps56k, May 29, 2008
    #4
  5. jim

    John Guest

    John, May 29, 2008
    #5
  6. Hi
    From the weakest to the strongest, Wireless security capacity is.
    No Security
    MAC______(Band Aid if nothing else is available).
    WEP64____(Easy, to "Break" by knowledgeable people).
    WEP128___(A little Harder, but "Hackable" too).
    WPA-PSK__(Very Hard to Break).
    WPA-AES__(Not functionally Breakable)
    WPA2____ (Not functionally Breakable).
    Note 1: WPA-AES the the current entry level rendition of WPA2.
    Note 2: If you use WinXP and did not updated it you would have to download
    the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
    The documentation of your Wireless devices (Wireless Router, and Wireless
    Computer's Card) should state the type of security that is available with
    your Wireless hardware.
    All devices MUST be set to the same security level using the same pass
    phrase.
    Therefore the security must be set according what ever is the best possible
    of one of the Wireless devices.
    I.e. even if most of your system might be capable to be configured to the
    max. with WPA2, but one device is only capable to be configured to max . of
    WEP, to whole system must be configured to WEP.
    If you need more good security and one device (like a Wireless card that can
    do WEP only) is holding better security for the whole Network, replace the
    device with a better one.
    Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
    The Core differences between WEP, WPA, and WPA2 -
    http://www.ezlan.net/wpa_wep.html
    Jack (MVP-Networking).
     
    Jack \(MVP-Networking\)., May 30, 2008
    #6
  7. jim

    James Egan Guest

    WPA with tkip (as opposed to aes) was written so that it could be
    installed as a software upgrade to existing hardware running wep
    whereas aes required different hardware. So in that respect wep can be
    made more secure except it's not called wep anymore. It's called wpa.

    More accurately, "can hardware running wep be made more secure"? Yes.


    Jim.
     
    James Egan, May 30, 2008
    #7
  8. jim

    James Egan Guest


    And that's wep's biggest plus point. There are enough completely open
    networks to hack into that it's too much hassle to hack into a wep
    encrypted one albeit very easy and automated these days. Also the
    people who have open networks are more likely to be lax on file
    sharing security too.

    That hardly makes wep secure, though.


    Jim.
     
    James Egan, May 30, 2008
    #8
  9. jim

    Barb Bowman Guest

    the high school kids around here see it as a game and a challenge.
    is this connected to local police investigations of data theft and
    local news editorials about proper wireless security..?

    *I* am not interested in trying out tools to hack WEP. I'm
    interested in making sure folks have the opportunity to read how
    insecure it is. WPA2 is the best available security. WPA is next
    (and can only be hacked via a dictionary attack so use a strong
    random passphrase).

    --

    Barb Bowman
    MS-MVP
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/bowman.mspx
    http://blogs.digitalmediaphile.com/barb/
     
    Barb Bowman, May 30, 2008
    #9
  10. jim

    jim Guest

    Is all WEP hardware upgradable or do you just have to look to each vendor to
    find out?
     
    jim, May 30, 2008
    #10
  11. jim

    Chuck [MVP] Guest

    WEP is not secure - period.

    Right now, it's more secure than a completely unsecured network, and that's the
    best that you can say for it. As completely unsecured networks become rarer -
    and in some neighbourhoods, that's happening - networks "secured" by WEP will
    become more interesting to malicious users.

    You're right, not every wardriver wants to hack into your network. But all that
    it takes is one. It's a risk, like everything. As WPA / WPA2 use becomes more
    common, WEP will become more popular with the kidz. A 30 second hack will
    become 15 seconds, then 5 later.

    There's no law that requires most businesses to use WPA. I'm not sure that the
    US Govt standards HIPAA, SOX, etc, even explicitly require such. I do know,
    though, that the principle of "due diligence" encourages us to require WPA
    whenever possible.

    And so we will recommend WPA /WPA2. You're welcome to do as your heart leads
    you.
     
    Chuck [MVP], May 30, 2008
    #11
  12. jim

    John Guest

    Very few people would bother trying to open a closed door (but not locked)
    when an open door is available unless they're really bored or have so much
    time in their hands. So yes, WEP is "secure", well... that's not the correct
    choice of word, WEP is better than an unsecured network.
    (Almost) useless and give us nothing but more work when adding new computers
    in the WiFi network. MAC filter offers another hoop to jump thru but won't
    stop experienced hackers but hey, it is your network so you're free to do
    what you like.
     
    John, May 30, 2008
    #12
  13. Yea, it would be reasonable for a home-user network of only a few machines.
    But try to maintain that list when you have 100 or 500 machines at a
    business.

    I'm not too worried about MAC spoofing becuase the intruder would have to
    know of a specific MAC that is "allowed" and set their machine to that. But
    then even that would only work dependably if the machine that actually owns
    that MAC is turned off. Otherwise you end up with an addess conflict at
    Layer2 and the connection would be unstabile and "wacky". The ARP & RARP
    would give inconsistent results each time it occured.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, May 30, 2008
    #13
  14. jim

    jim Guest

    What about a brute force attack on MACs?

    Assuming you have a PC to attack from that is housed relatively close to the
    target, it seems trivial to simply let it hack away until it hits on
    something.

    jim
     
    jim, May 31, 2008
    #14
  15. jim

    James Egan Guest

    I suppose there must be exceptions somewhere along the line, but that
    was the plan in developing wpa tkip. it uses a stream cipher just like
    wep but beef's up on some of wep's vulnerabilities.

    In reality the issue isn't "is my wep hardware upgradeable?" but
    "could the manufacturer be bothered writing software upgrades for
    legacy equipment?". It probably is upgradeable but maybe doesn't have
    an upgrade available. At the end of the day it amounts to the same
    thing. The continued use of wep.

    You may find that some "new" hardware has been boxed up for so long
    that the initial installation only supports wep. That's usually just a
    matter of visiting the manufacturer's website for a software upgrade.
    For the real legacy stuff, I think they would prefer to give you an
    incentive to buy some new equipment and save themselves some work in
    the process.


    Jim.
     
    James Egan, May 31, 2008
    #15
  16. Besides the fact that is has 281,474,976,710,656 addresses to choose from as
    Frankster pointed out,..and that it would take a few seconds for the WAP's
    radio and protocols to attempt to establish a connection with each
    address,....the dinosaurs will probably be *back* by then.

    But even if an allowed MAC is hit,...you still have the problem of address
    conflicts. You can not have two machines on a network with the same Layer2
    address just like you can not have two machines on the LAN with the same
    Layer3 address.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 2, 2008
    #16
  17. Dimwit?

    How are you going to sniff the traffic if you are not on the network to
    sniff it?
    You can't sniff the network until you are on it,...you can't GET on it until
    you already have a valid Layer2&3 address and be on the network to run the
    sniffer,...at which point you no longer need the sniffer,..dimwit.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
     
    Phillip Windell, Jun 9, 2008
    #17
  18. jim

    jim Guest

    heh heh heh.....

    Your ignorance makes me giggle.

    jim
     
    jim, Jun 10, 2008
    #18
  19. Explain it.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 10, 2008
    #19
  20. What? Read the full context of the post. The "valid" Layer "2" address is
    defined by the AccessPoint/Router of the guy who said is used MAC Address
    Filtering. I used "invalid" to mean a MAC that is not on the approved
    list.

    I'm willing to listen to reasonable explainations from poeple who aren't
    going to be juveniles short of a few childhood beatings,..

    So put your explaination in the context of:

    On a wireless system...
    1. First get past the WEP (supposed to be not big deal)
    2. Then get past the MAC filtering without first breaking into the building
    to plug your machine in the wired side of the network to sniff anything

    How would you do it? I'm not sarcastic,..I actually want to hear it.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 10, 2008
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.