Re: Is Dynamic WEP Secure Enough?

[<shankarnarayan.d () netsol co in>]

In-Reply-To: <BAY23-F17FDF23357CBAAF81FA301874E0 () phx gbl>

All,

Forgive me for my ignorance and please correct me if I am wrong OR if I have wrongly understood these/ any of the 
replies to the Dynamic WEP question

We have all considered how insecure Wireless is using dynamic WEP in the scenario mentioned and I quote - "Due to one 
of our applications, we will be sending a clear strong signal to the parking lot". As also the mail says "Right now my 
plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID" to quote from the mails of Rocko.

My understanding of Dynamic WEP is that, in the case of PEAP or for that matter any other form of EAP derived security, 
there is no single common WEP key that is derived and used for all the clients. The point I am trying to lay my stress 
on is "no single common WEP key". In this scenario - if we were to look at this organization where we assume, should I 
say about 100 Wireless clients, then at an average of 15 people under each Access Point, this translates to 15 
different keys - one key per person on the same Access Point. Add to this the probability of people moving from one 
Access Point to another at every (say) 3hours interval. Add to that the probability that the keys are not all changing 
at a defined point in time - this implies that based on when the user has derived the first dynamic key - the key 
changes at configured intervals. 

To an external user (sitting in the parking lot) this poses 5 levels of randomness - 

1.  different users have different keys
2.  different users changing their keys at different points in time 
3.  different users traversing across Access Points and hence changing their keys 
4.  The physical security that is existing on the ground that can contribute (if not greatly - at least to a reasonable 
extent) and hence the probability of finding out a parking lot hacker 
5.  Add again the probability of this guy getting sufficient numbers of weak IV's

Add to this, the number of users that are really sitting down in an area that provides a strong signal to the parking 
lot. Add also "direction finding capabilities" - (I am not too sure what this direction finding capability of the 
Access Point is, but based on context I guess it is something that deals with improving security). 

SHOULD WE STILL BE AS PARANOID AS THESE MAILS SOUND OR CAN WE RELAX A BIT. 

Ofcourse I would also like to add that we have not looked at whether this is a scenario where we have a Patch Antenna/ 
Parabolic Antenna that transmits signals in a defined direction - in this scenario there is a possibility of the 
replies above being used as an effective hack

Moreover, most Organizations that have this level of consideration for security should be having some form of IDS/ IPS 
- NIDS/ HIDS - wouldn't these have detected/ alarmed the Admin in some way or the other if he is on the LAN/ some 
Server/ workstation

Technically, if we were to sit down in front of a box, it will crack after sometime, but realistically in the scenario 
- is this possible, I guess this is the outlook that we should take when we discuss on such problems. Moreover, this 
immediately puts a doubt in the mind of the person about PEAP and EAP related security measures or for that matter any 
solution when thought from this point angle

I WOULD LIKE TO KNOW THE COMMUNITIES' VIEW IN THIS SCENARIO. 

Rgds,
Shankar





> So if I follow the thread, WEP is OK ... j/k.
>
> Upon further digging with my staff, we have very few wireless devices even 
> on that network.  Therefore scrapping them won't hurt as much as I thought.
> Mr. Martin's last post does raise a question; how fast can you rotate keys?  
> Why not every 3 minutes?  I assume overhead would be a problem.
>
> Lastly, my preferred solution is Trapeze Networks.  There system seems very 
> slick with the multiple security systems I need.  The next closest was 
> Extreme Networks, but they don't seem to be as advanced.  Plus we have all 
> their switches and the APs are same fruity purple.  The questions is, has 
> anybody had any experience with Trapeze (good or bad), they seem to be newer 
> company.  Any intel would be awesome.
>
> Thanks
>
> Rocko
>
>
>
> > From: Kelly Martin <kel () securityfocus com>
> > To: Jon Smith <like2hax () hotmail com>,security-basics () securityfocus com
> > Subject: Re: Is Dynamic WEP Secure Enough?
> > Date: Mon, 21 Mar 2005 16:53:24 -0700
> >
> > No, WEP can be cracked in less than ten minutes (even on a network without 
> > much traffic - a hacker can stimulate his own traffic). Rotating keys just 
> > isn't enough to cover the weaknesses, unless you want to rotate keys every 
> > three minutes. :) Personally I think WPA is the only way to go, or else you 
> > might as well keep the network open and turn WEP off entirely.
> >
> > We published the following articles by Michael Ossmann on SecurityFocus 
> > recently:
> >
> > WEP: Dead Again, Part 1  http://www.securityfocus.com/infocus/1814
> > WEP: Dead Again, Part 2  http://www.securityfocus.com/infocus/1824
> >
> > Regards,
> >
> > Kelly Martin
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's FREE! 
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/