-
October 14th, 2004, 08:53 PM
#1
WPA and WEP
I have heard that WEP is exploitable but WPA is not. Is this true? A coworker claims regardless of what bit security a WEP device has, his Linux box can "tap into it".
-
October 14th, 2004, 09:11 PM
#2
If you can support WPA, you should use it as WEP is trivial to break with enough time to gather enough packets for a proper guess.
WPA is still in interim status while a better methodology is developed. AFAIK
Also keep in mind, WPA implementations are not all the same and some devices can have a hard time talking to other WPA devices. I have not experienced any problems but have read about several.
With wireless, I don't consider any secure enough not to worry.
Consider adding a VPN tunnel to your wifi if you are a privacy freak.
-
October 14th, 2004, 09:18 PM
#3
wildred, good question. I'm just getting into wireless routers myself and in looking for an answer for you, I got some answers myself. Anyways, here's a link that explains in depth the differences between WEP and WPA. Check it out, see if it answers your question.
http://www.nwfusion.com/columnists/2...19wizards.html
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
October 14th, 2004, 09:44 PM
#4
WPA is *much* better than WEP because (at least with Cisco gear using their ACS device) you can configure a dynamic key exchange to take place every 15 seconds or so. You'll never be able to break that. Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea. The frontend authentication and key exchange process which happens between the host and the WAP of course happens first. This is a two-way authentication process. Thus far, we've been unable to interfere with this architecture but we're far from giving up. So you see, a simple WEP key setup vs a robust WPA setup (Cisco EAP-FAST in my case) can't compare.
Anyway, FWIW.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
October 14th, 2004, 10:12 PM
#5
Originally posted here by thehorse13
Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea.
--TH13
Wow 15 seconds, very cool.
Hey do you use IAS for the auth to AD or another tool?
-
October 14th, 2004, 11:55 PM
#6
Good Day All,
I was just reading up on WEP the other day and the run-of-the-mill WEP allows 10,000 packets to pass before any key exchange. TH13's 15 seconds for WPA would definitely be the way to go.
cheers
Connection refused, try again later.
-
October 15th, 2004, 12:37 AM
#7
Wow 15 seconds, very cool.
Hey do you use IAS for the auth to AD or another tool?
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
-
October 15th, 2004, 04:18 AM
#8
Have a look at this one. Might help answer some stuff.
Dispelling the Myth of Wireless Security
http://www.oreillynet.com/pub/a/wire...ap1/index.html
-
October 15th, 2004, 04:56 AM
#9
Originally posted here by thehorse13
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
Can you throw a model number out there so I can check it out?
Love to bring one in to review.
-
October 15th, 2004, 02:23 PM
#10
Sure, I have 1200 series (and a few shitty 340s) WAPs all managed by this:
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
This includes batch IOS updates, dynamic ACL changes in the event of a threat, system and WAP infoz, etc.
The actual auth component is this:
http://www.cisco.com/en/US/products/...338/index.html
It talks to AD and decides what boxes/networks you can get to.
That should keep ya busy for a while.