Wired Equivalent Privacy (WEP)

Because Wi-Fi networks use radio signals for communication, the packets transferred between wireless clients and access points are literally floating in thin air, for the entire world to see. Even without the ability to associate with an access point, any user running a wireless packet capture utility like AirSnort can literally capture packets and view their contents. To the untrained eye, these packets might seem to contain a fairly useless hodge-podge of information such as an address of a URL being visited by a wireless user. To a potential hacker, however, the information contained within these packets is exceptionally useful. Not only will they provide information such as the IP address range in use on the network, they will also include the network SSID and more. Armed with this information, a hacker looking to connect has already removed a great deal of the guesswork associated with accessing the network.

While you may not be able to control the air over which radio signals travel, you can take steps to control the information that is made visible during wireless transmissions. Just about every access point and wireless network card sold today supports an encryption standard known as Wired Equivalent Privacy, more commonly referred to as WEP. At the most basic level, WEP settings must be configured on both access points and on client systems in order to encrypt the traffic that passes between them. This is usually as simple as turning the setting on in the properties of each, and then configuring what is known as a “shared secret” on all systems. The value chosen for a shared secret should be given the same consideration as any network password – it should be complex, and changed fairly regularly. For example, on a corporate wireless network, you should consider changing this value on all systems at least once every month or two.

Unfortunately, WEP is not quite the security standard it was once envisioned to be. Although it is typically made available in both 64- and 128-bit encryption versions, a number of known flaws in the way that WEP encryption keys are stored have led hackers to create a variety of utilities to get past the security that WEP was meant to provide. For example, utilities like AirSnort can often compromise WEP keys in a matter of minutes, and in many cases much less time. For this reason, many experts claim that it may not be worth implementing WEP at all, since it provides only a low barrier to entry for the experienced hacker. However, since WEP is the only real encryption facility provided with most wireless equipment currently on the market, you should still consider implementing it on your network. It’s simply a case of some security being better than none, and to that end, it still provides enough of a barrier to keep inexperienced users at bay.

If you do decide to implement WEP on your network, one additional note of caution from a performance standpoint – the speed of your wireless network will almost certainly take a hit. With WEP configured, performance degradation of anywhere between 15 and 50% is generally considered normal (lower-end access points tend to fare worse) based on the overhead associated with encrypting each packet.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.