Careers & Certifications

05:00 AM
Commentary
Commentary
Commentary
50%
50%

No Trespassing

WEP warns potential intruders your wireless network is private property and they will suffer the consequences if they cross the line.

Knock Three Times ...

How can the airwaves--particularly the ISM (Industrial, Scientific and Medical) 2.4-GHz shared-usage frequencies--be private property? They can't. But the equipment that supports the WLAN is private, and that's what people are trespassing on. When WEP is enabled on a WLAN access point, the PC, PDA, inventory scanner, WLAN phone or other wireless device must have the same key as the AP to gain admittance to the WLAN. The owner of a device that doesn't have the key must break the key if he or she is determined to get in. I've heard researchers claim that the vast majority of people will not enter property with a No Trespassing sign posted at the gate. Based on informal discussions with readers and security seminar attendees, I'd have to agree--even those who want to see for themselves how easy it is to attack a WEP key say they'd do so only with the WLAN owner's permission.

In this limited use of WEP, you're not trying to keep your WLAN safe from attackers--you have firewalls, VPNs, IDSs and static IP addresses to do that. You're just posting the No Trespassing sign. This means you don't need a different WEP key for every workstation and you don't need to change each WEP key every 10,000 data frames. Not that you should just set it and forget it; you should change your WEP key as often as you'd weed the area around a No Trespassing sign in your yard.

And because all WLAN devices support up to four concurrent WEP keys but use only one of them for encryption, you can implement a simple three-step key rollover process. Step 1, stage the new key in all the access points; Step 2, add the key to the wireless devices and designate it the encryption key; Step 3, after all the wireless devices have been updated, set the new key as the encryption key in the access points. This will help keep the weeds around your No Trespassing sign at bay.

If a user complains that he or she can't access the WLAN, check the WEP key number he or she is using to determine whether it's current. Just be sure your WLAN's SSID (Service Set Identifier) is pronounceable: Red, Maple Tree and Eagle are names that leap to mind.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed