Educause Security Discussion mailing list archives
Re: WEP
From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Wed, 13 Jul 2005 09:10:15 -0400
Duke has never (to my knowledge) deployed WEP. Our primary reasoning is that WEP has two main intentions: a) encryption, and b) access control. It doesn't do either particularly well. As you note, the encryption is fairly easy to break. My recollection (take this with a grain of salt, it was 2 or 3 years ago that I last checked) is that both 64-bit and 128-bit keys provide an encryption strength equivalent to 24 bits used to encrypt the seed to the RC4 algorithm. Given the large quantities of data we push through our wireless network in places like the student union, gathering the number of packets needed to break the encryption seemed trivial.

Regarding access control, it seemed to us that a "shared secret" between the 30,000+ people at the institution wasn't much of a secret and so the access control capability wasn't too useful.

Instead of relying on WEP for encryption, we've tried to ensure that all institutionally provided applications which transmit sensitive data (e.g. passwords, grades, etc.) over the network are encrypted at layer 7. So, the application itself should ensure encryption through a mechanism like Kerberos or SSL. My general line has been, "you shouldn't trust the wireless network, but you can't trust the wired network either."

Access control's been a bit different. We don't currently implement effective access control. There is a registration system in place for the majority of users, but that would not prevent a determined individual from getting on the network without going through the registration. We're looking at 802.1x in the future, but for now, we're living with a registration system and have had no major problems.

I hope this helps

-chris

--
Christopher E. Cramer, Ph.D.
University Information Technology Security Officer
Duke University, Office of Information Technology
334 Blackwell St., Suite 2106, Durham, NC 27701
PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528

On Wed, 13 Jul 2005, Chad McDonald wrote:
> Understanding that WEP is relatively easy to crack, how many of you have moved away from WEP as an additional layer of security for your wireless networks? What was your reasoning for doing so?
>
> Thanks,
>
> Chad McDonald, CISSP
> Chief Information Security Officer
> Georgia College & State University
> 478.445.4473 Office
> 478.454.8250 Cell
> 478.445.1202 Fax