Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

No Trespassing

Knock Three Times ...

How can the airwaves--particularly the ISM (Industrial, Scientific and Medical) 2.4-GHz shared-usage frequencies--be private property? They can't. But the equipment that supports the WLAN is private, and that's what people are trespassing on. When WEP is enabled on a WLAN access point, the PC, PDA, inventory scanner, WLAN phone or other wireless device must have the same key as the AP to gain admittance to the WLAN. The owner of a device that doesn't have the key must break the key if he or she is determined to get in. I've heard researchers claim that the vast majority of people will not enter property with a No Trespassing sign posted at the gate. Based on informal discussions with readers and security seminar attendees, I'd have to agree--even those who want to see for themselves how easy it is to attack a WEP key say they'd do so only with the WLAN owner's permission.

In this limited use of WEP, you're not trying to keep your WLAN safe from attackers--you have firewalls, VPNs, IDSs and static IP addresses to do that. You're just posting the No Trespassing sign. This means you don't need a different WEP key for every workstation and you don't need to change each WEP key every 10,000 data frames. Not that you should just set it and forget it; you should change your WEP key as often as you'd weed the area around a No Trespassing sign in your yard.

And because all WLAN devices support up to four concurrent WEP keys but use only one of them for encryption, you can implement a simple three-step key rollover process. Step 1, stage the new key in all the access points; Step 2, add the key to the wireless devices and designate it the encryption key; Step 3, after all the wireless devices have been updated, set the new key as the encryption key in the access points. This will help keep the weeds around your No Trespassing sign at bay.

If a user complains that he or she can't access the WLAN, check the WEP key number he or she is using to determine whether it's current. Just be sure your WLAN's SSID (Service Set Identifier) is pronounceable: Red, Maple Tree and Eagle are names that leap to mind.

  • 1