Compaq nc6000 Wireless Security - Page 4

Wired Equivalent Privacy

Although most wireless security concerns have little or nothing to do with the wireless nature of the devices, there is some validity to the apprehension regarding the vulnerabilities of the Wired Equivalent Privacy (WEP) key. WEP is an encryption algorithm designed to provide wireless security for 802.11 wireless networks. It was developed by IEEE volunteers. WEP security issues can be summarized in four main points:

• WEP key recovery
• Unauthorized decryption and violation of data integrity
• Poor key management
• Access Point association

All wireless vendors have taken steps to address these concerns. The IEEE response to the WEP key issue is 802.11i (802.1x Authentication) and Wi-Fi Protected Access (WPA). In fact, all HP devices will support Wi-Fi Protected Access, and the high-level authentication provided by 802.1x Enhanced Authorization Protocol. Also, these devices support TKIP and AES Encryption. We are focused on what is available today, as it is hard to predict future changes in wireless technologies as they are emerging and IP networks are evolving to IPv6.

The table below addresses the various solutions that vendors have developed to address the weaknesses discovered in WEP.
Vendor Solutions for WEP Vulnerability

Virtual Private Network Implementations
HP solutions: HP Production WLAN, HP Wireless Internet Access

Although VPN provides adequate security, there may be issues with roaming, cost, throughput and usability. Some solutions include:

• HP Production WLAN: Provides a routable IP address controlled by Security Policies allowing only access to Corporate VPN servers. Because you have to implement VPN using secure ID to gain Internet access, this is more secure.
• HP Wireless Internet Access Solution: Provides full Internet access for on-site customers/vendors. Access is vended via Network Access Controllers that only allow Internet access after the client accepts a Legal Disclaimer. VPN is required if some intranet data is needed. In most cases, this is not needed as most productivity applications can be accessed using reverse proxy. This is very flexible and resilient to "edge of the network" changes.

Dynamic WEP key
CISCO, Hewlett Packard, Microsoft

Implementation of Dynamic WEP re-keying of Access Points. In this solution, short-lived WEP keys are dynamically generated and broadcast. The time interval is short enough that the attacker will not have enough data to crack the WEP key. Initially, this solution introduced interoperability issues. Now it is the standard for Wi-Fi Security and was the seed for the WPA and 802.11i.

Enhancements of WEP Key (40-64 bit WEP)
Lucent 128 bit, Agere 152 bit WEP, US Robotics 256 bit WEP

This extension of the WEP key did not help with security, as the WEP vulnerability issues persisted. It might take longer to crack the key but it does not help.

MAC Address Filtering
Server based, Access point based

Filtering solutions are difficult to manage. Spoofing the MAC address is possible, but some Access Points can hold 30 MAC addresses, which requires you to feed them in to all Access Points and track them.
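
Added example (not part of the HP document): a minimal model of WEP encapsulation illustrating the "Dynamic WEP key" and "Enhancements of WEP Key" rows above. It shows that a repeated IV exposes the XOR of two plaintexts at every key size, because the 24-bit IV does not grow with the key, and it estimates how long one key can be used before IVs repeat. The sample key, IV, frames and frame rate are constructed assumptions.

```python
import zlib
from math import sqrt

IV_BITS = 24  # the WEP IV is 24 bits regardless of the advertised key size

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: (plaintext || CRC-32 ICV) XOR RC4(IV || key)."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(body, rc4(iv + key, len(body)))

def iv_reuse_leaks(key_len_bytes: int) -> bool:
    """True if two frames sent under one IV reveal p1 XOR p2."""
    key = bytes(range(1, key_len_bytes + 1))  # constructed sample key
    iv = b"\x00\x00\x01"                      # constructed, reused IV
    p1, p2 = b"constructed frame A", b"constructed frame B"
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    return xor(c1, c2)[:len(p1)] == xor(p1, p2)

def rekey_budget(frames_per_sec: float) -> dict:
    """Seconds a single key can be used before IVs repeat."""
    space = 2 ** IV_BITS
    return {
        # counter-style IVs wrap after the whole space is used
        "sequential_iv_wrap_s": space / frames_per_sec,
        # random IVs: about 50% chance of a repeat (birthday bound)
        "random_iv_50pct_repeat_s": 1.1774 * sqrt(space) / frames_per_sec,
    }
```

Key sizes of 5, 13, 16 and 29 bytes correspond to the advertised 64, 128, 152 and 256 bit variants, each of which includes the same 24-bit IV.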