WEP & WPA wireless in business

Posted on May 14, 2010
Filed Under The Dangers | 1 Comment

Most offices these days have their airspace saturated with wireless networks. It’s amazing therefore, with the ubiquity of wireless routers and hubs that there are still so many connections that are on the lowest encryption available. WEP. Possibly because the hardware in use only has that encryption available but you’d be surprised.

It’s quite trivial these days to crack a WEP password. A post in a forum I saw a couple of weeks back had a 12 second record! A fundamental flaw in the way WEP recycles its encryption key over and over means that if you collect enough packets, the key can be easily decrypted.

I did a quick scan of the local office space around ourselves this morning and was interested, but not surprised to find that out of 24 wireless networks, 7 were using WEP and 8 were using WPA(1). Whilst WPA is quite secure it’s still possible to obtain the key via brute force. WPA2 would take much much much longer and uses a different (and better) encryption than WPA(1), TKIP vs AES if you care.

(click to enlarge)

Let’s focus on WEP. 7 out of 24 networks are vulnerable to attack. That’s almost 30%! I took the laptop down into our local town centre car park and obtained a similar proportion of WEP networks. It seems people just are not getting the message.

Some may say, well it does not matter, there’s nothing of interest on our network! Just remember, any attacker can now use that network to connect to the internet and by definition, that network is responsible for their actions. ‘Someone else used my network’ has proved not to be an adequate defence in the eyes of the law in music copyright infringement cases at least.

Most hardware these days can deal with WPA/WPA2. Ensure it is used to protect your network.

Comments

• Recent Posts

  • How safe is your credit card number with merchants?
  • GlobalSign Comodo Compromise
  • Would you send money to help a friend?
  • Your Valuable Information
  • Google SSL

• Archives

  • November 2011
  • March 2011
  • February 2011
  • May 2010

• Categories

  • Improving Security
  • Social Media
  • The Dangers

• Common Phrases

  boiler rooom email spoofing extended validation FSA geolocation Google SSL passwords PCI compliance personal details Personal Information phone fraud pinoptic pump and dump social engineering Social Media SPF ssl certificates ssl padlock telephone security twitter location visual password wep cracking wireless encryption

• Links

  
  
  
  
  Blog Directory Website Hacked? Salvage My Site

• About

  Ever had your personal details cloned? Worried about someone else spending money on your credit card? This site will attempt to identify and protect against the dangers of fraud.

• Search

• Admin

  • Register
  • Log in
  • XHTML