WPA and WEP
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: WPA and WEP

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Question WPA and WEP

    I have heard that WEP is exploitable but WPA is not, is this true? A coworker claims regardless of what bit security a WEP device has, his linux box can "tap into it".

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    If you can support WPA, you should use it as WEP is trivial to break with enough time to
    gather enough packets for a proper guess.

    WPA is still in interim status while a better methodology is developed. AFAIK

    Also keep in mind, WPA implementations are not all the same and some devices can
    have a hard time talking to other WPA devices. I have not experienced any problems but
    have read about several.

    With wireless, I don't consider any secure enough not to worry.
    Consider adding a VPN tunnel to your wifi if you are a privacy freak.

  3. #3
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    wildred, good question. I'm just getting into wireless routers myself and in looking for an answer for you, I got some answers myself . Anyways, here's a link that explains in depth the differences between WEP and WPA. Check it out, see if it answers your question.

    http://www.nwfusion.com/columnists/2...19wizards.html
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    WPA is *much* better than WEP because (at least with Cisco gear using their ACS device) you can configure a dynamic key exchange to take place every 15 seconds or so. You'll never be able to break that. Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea. The frontend authentication and key exchange process which happens between the host and the WAP of course happens first. This is a two-way authentication process. Thus far, we've been unable to interfere with this architecture but we're far from giving up. So you see, a simple WEP key setup vs a robust WPA setup (Cisco EAP-FAST in my case) can't compare.

    Anyway, FWIW.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by thehorse13
    Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea.

    --TH13
    Wow 15 seconds, very cool.

    Hey do you use IAS for the auth to AD or another tool?

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Day All,

    I was just reading up on WEP the other day and the run-of-the-mill WEP allows 10,000 packets to pass before any key exchange. The TH13's 15 seconds for WPA would definitely be the way to go.

    cheers
    Connection refused, try again later.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Wow 15 seconds, very cool.

    Hey do you use IAS for the auth to AD or another tool?
    We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    have a look at this one. might help answer some stuff.

    Dispelling the Myth of Wireless Security
    http://www.oreillynet.com/pub/a/wire...ap1/index.html
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by thehorse13
    We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
    Can you throw a model number out there so I can check it out.

    Love to bring one in to review.

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Sure, I have 1200 series (and a few shitty 340s) WAPS all managed by this:

    http://www.cisco.com/en/US/products/sw/cscowork/ps3915/

    This includes batch IOS updates, dynamic ACL changes in the event of a threat, system and WAP infoz, etc.

    The actual auth component is this:
    http://www.cisco.com/en/US/products/...338/index.html

    It talks to AD and decides what boxes/networks you can get to.

    That should keep ya busy for a while.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •