Wireless network (WEP security)

Tom Tom-QXpTDD2AffPSUeElwK9/Pw at public.gmane.org
Tue Sep 30 19:23:28 UTC 2003 

WEP is only useful for preventing casual access to your network.  It's not
real security.

The solution is the 802.1x protocol, but this is not finalized, so there is
an interim standard called WPA.  These protocols will eventually use the AES
algorithm, but it is too computational expensive at the moment.  You can
only use it if the algorithm is built into the firmware.  As another interim
solution people are using the TKIP algorithm, which is similar to WEP.

Now, with that many 'interims' and an algorithm similar to WEP you might
think that WPA with TKIP is no good, but that is not the case.  It is vastly
better than WEP and it provides true security at this time.

This solution can be implemented independently of the driver.  You could buy
any wireless adapter, using any of the 802.11 standards and then get
software that implements WPA.  But it's not totallly independent - you need
to make sure that the WPA software you get is compatible with the
chipset/driver you are using.

The hard part is going to be finding a WPA solution for Linux.

One other thing.  If you want to use Linux as your AP you need an
'authenticator' and if you want to use it as a client then you need a
'supplicant'.  Unless you are in a corporate environment you will want to
use WPA in 'pre-shared key' mode.

Or, you could implement security at a higher level in your network.

Tom.

"Gardner Bell" <gbell72-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> wrote in
message
news:Pine.LNX.4.58.0309301317500.1427-bi+AKbBUZKarHMlHb5NnZytyHCCPSaTIbJEeYj9oJeCmdvSpIQae8A at public.gmane.org
> I've been considering moving to a wireless network system but after many
> articles I have read is it really worth it?  One such article I read was
on the
> WEP algorithm and numerous flaws found by the analysts, such as a
> dictionary-building attacks, active attack to inject new traffic from
> unauthorized mobile stations, etc. How easily could a
> hacker pull off this kind of attack on an 802.11 network?
> The initialization vector in WEP I have read is only 24-bit and is sent in
> the clear-text part of a message, with only a small amount of
initialization
> vectors how often would the same key-stream be used on a rather small home
> network?  A busy access point, which constantly sends 1500 byte packets at
> 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000
> seconds, or 5 hours.  Would the time increase or decrease using wireless
with
> Roger's or does it all depend on how much traffic my machines are sending?
> What measures have others here taken to secure their wireless networks if
any of
> you have them and what specific hardware would you recommend?  Any other
info
> that you could provide would be greatly beneficial.
>
> thanks
>  --
> Gardner Bell - personal site www.gamecraze.net
> GPG Fingerprint
> C6F5 39E1 9E9A 9FAC 9DCE  78A3 9C8B 39F4 0895 FD3F
>
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>



--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list