WPA and WEP

**wildred** · October 14th, 2004, 08:53 PM

I have heard that WEP is exploitable but WPA is not, is this true? A coworker claims regardless of what bit security a WEP device has, his linux box can "tap into it".

**ss2chef** · October 14th, 2004, 09:11 PM

If you can support WPA, you should use it as WEP is trivial to break with enough time to
gather enough packets for a proper guess.

WPA is still in interim status while a better methodology is developed. AFAIK

Also keep in mind, WPA implementations are not all the same and some devices can
have a hard time talking to other WPA devices. I have not experienced any problems but
have read about several.

With wireless, I don't consider any secure enough not to worry.
Consider adding a VPN tunnel to your wifi if you are a privacy freak.

***ShagDevil*** · October 14th, 2004, 09:18 PM

wildred, good question. I'm just getting into wireless routers myself and in looking for an answer for you, I got some answers myself

. Anyways, here's a link that explains in depth the differences between WEP and WPA. Check it out, see if it answers your question.

http://www.nwfusion.com/columnists/2...19wizards.html

***thehorse13*** · October 14th, 2004, 09:44 PM

WPA is *much* better than WEP because (at least with Cisco gear using their ACS device) you can configure a dynamic key exchange to take place every 15 seconds or so. You'll never be able to break that. Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea. The frontend authentication and key exchange process which happens between the host and the WAP of course happens first. This is a two-way authentication process. Thus far, we've been unable to interfere with this architecture but we're far from giving up. So you see, a simple WEP key setup vs a robust WPA setup (Cisco EAP-FAST in my case) can't compare.

Anyway, FWIW.

--TH13

**ss2chef** · October 14th, 2004, 10:12 PM

Originally posted here by thehorse13
Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea.

--TH13

Wow 15 seconds, very cool.

Hey do you use IAS for the auth to AD or another tool?

***Relyt*** · October 14th, 2004, 11:55 PM

Good Day All,

I was just reading up on WEP the other day and the run-of-the-mill WEP allows 10,000 packets to pass before any key exchange. The TH13's 15 seconds for WPA would definitely be the way to go.

cheers

***thehorse13*** · October 15th, 2004, 12:37 AM

Wow 15 seconds, very cool.

Hey do you use IAS for the auth to AD or another tool?

We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).

**secure_lockdown** · October 15th, 2004, 04:18 AM

have a look at this one. might help answer some stuff.

Dispelling the Myth of Wireless Security
http://www.oreillynet.com/pub/a/wire...ap1/index.html

**ss2chef** · October 15th, 2004, 04:56 AM

Originally posted here by thehorse13
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).

Can you throw a model number out there so I can check it out.

Love to bring one in to review.

***thehorse13*** · October 15th, 2004, 02:23 PM

Sure, I have 1200 series (and a few shitty 340s) WAPS all managed by this:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/

This includes batch IOS updates, dynamic ACL changes in the event of a threat, system and WAP infoz, etc.

The actual auth component is this:
http://www.cisco.com/en/US/products/...338/index.html

It talks to AD and decides what boxes/networks you can get to.

That should keep ya busy for a while.

Thread: WPA and WEP

Thread Tools

Display

WPA and WEP

Posting Permissions