Wired Equivalent Privacy - Compaq d530 - Convertible Minitower Desktop PC Manual

Wired Equivalent Privacy

Although most wireless security concerns have little or nothing to do with the wireless nature of the
devices, there is some validity to the apprehension regarding the vulnerabilities of the Wired
Equivalent Privacy key. WEP is an encryption algorithm designed to provide wireless security for
802.11 wireless networks. It was developed by IEEE volunteers. WEP security issues can be
summarized in four main points:
• Web Key Recovery
• Unauthorized decryption and violation of data integrity
• Poor key management and
• Access Point association
All wireless vendors have taken steps to address these concerns. The IEEE response to the WEP key
issue is 802.11i (802.1x Authentication) and
will support Wi-Fi Protected Access, and the high-level authentication provided by 802.1x
Enhanced Authorization Protocol. Also, these devices support
focused on what is available today, as it is hard to predict future changes in wireless technologies
as they are emerging and IP networks are evolving to IPv6.
The table below addresses the various solutions that vendors have developed to address the
weaknesses discovered in WEP vulnerability.
Virtual Private Network
Implementations
HP solutions:
HP Production WLAN
HP Wireless Internet Access
Dynamic WEP key
CISCO
Hewlett Packard
Microsoft
Enhancements of WEP Key
(40-64 bit WEB)
Lucent 128 bit
Agere 152 bit WEB
US Robotics 256 bit WEP
MAC Address Filtering
Server based
Access point based
Wi-Fi Protected Access
Vendor Solutions for WEP Vulnerability
Although VPN provides adequate security, there may be issues with roaming, cost,
throughput and usability. Some solutions include:
HP Production WLAN: Provides a routable IP address controlled by Security Policies
allowing only access to Corporate VPN servers. Because you have to implement VPN using
secure ID to gain Internet access, this is more secure
HP Wireless Internet Access Solution
customers/vendors. Access is vended via Network Access Controllers that only allow
Internet access after the client accepts a Legal Disclaimer. VPN is required if some intranet
data is needed. In most cases, this is not needed as most productivity applications can be
accessed using reverse proxy. This is very flexible and resilient to "edge of the network"
changes.
Implementation of Dynamic WEP re-keying of Access Points. In this solution, short-lived
WEP keys are dynamically generated and broadcast. The time interval is short enough
that the attacker will not have enough data to crack the web key. Initially, this solution
introduced interoperability issues. Now it is the standard for Wi-Fi Security and was the
seed for the WPA and 802.11i.
This extension of the WEP key did not help with security, as the WEP vulnerability issues
persisted (for more information, click
does not help.
Filtering solutions are difficult to manage. Spoofing the MAC address is possible, but
some Access Points can hold 30 MAC addresses, which requires you to feed in to all
Access Points and tack them.
(WPA). In fact, all
TKIP and AES Encryption. We are
: Provides full Internet access for on-site
here). It might take longer to crack the key but it
HP devices
4