I have heard that WEP is exploitable but WPA is not. Is this true? A coworker claims regardless of what bit security a WEP device has, his Linux box can "tap into it".
If you can support WPA, you should use it as WEP is trivial to break with enough time to
gather enough packets for a proper guess.
WPA is still in interim status while a better methodology is developed. AFAIK
Also keep in mind, WPA implementations are not all the same and some devices can
have a hard time talking to other WPA devices. I have not experienced any problems but
have read about several.
With wireless, I don't consider any secure enough not to worry.
Consider adding a VPN tunnel to your wifi if you are a privacy freak.
wildred, good question. I'm just getting into wireless routers myself and in looking for an answer for you, I got some answers myself :D . Anyways, here's a link that explains in depth the differences between WEP and WPA. Check it out, see if it answers your question.
http://www.nwfusion.com/columnists/2...19wizards.html
WPA is *much* better than WEP because (at least with Cisco gear using their ACS device) you can configure a dynamic key exchange to take place every 15 seconds or so. You'll never be able to break that. Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea. The frontend authentication and key exchange process which happens between the host and the WAP of course happens first. This is a two-way authentication process. Thus far, we've been unable to interfere with this architecture but we're far from giving up. So you see, a simple WEP key setup vs a robust WPA setup (Cisco EAP-FAST in my case) can't compare.
Anyway, FWIW.
--TH13
Wow 15 seconds, very cool.
Quote:
Originally posted here by thehorse13
Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea.
--TH13
Hey do you use IAS for the auth to AD or another tool?
Good Day All,
I was just reading up on WEP the other day and the run-of-the-mill WEP allows 10,000 packets to pass before any key exchange. TH13's 15 seconds for WPA would definitely be the way to go.
cheers
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
Quote:
Wow 15 seconds, very cool.
Hey do you use IAS for the auth to AD or another tool?
have a look at this one. might help answer some stuff.
Dispelling the Myth of Wireless Security
http://www.oreillynet.com/pub/a/wire...ap1/index.html
Can you throw a model number out there so I can check it out?
Quote:
Originally posted here by thehorse13
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
Love to bring one in to review.
Sure, I have 1200 series (and a few shitty 340s) WAPs all managed by this:
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
This includes batch IOS updates, dynamic ACL changes in the event of a threat, system and WAP infoz, etc.
The actual auth component is this:
http://www.cisco.com/en/US/products/...338/index.html
It talks to AD and decides what boxes/networks you can get to.
That should keep ya busy for a while. ;)