Vulnerability Development mailing list archives
(in)Security in 802.11 WEP Algorithm
From: Rich Corbett <RichC () LOEHMANNS COM>
Date: Wed, 14 Feb 2001 19:38:57 -0500
There has been much talk in the last week that I have read about in regard to the insecurity behind the WEP (Wired Equivalent Privacy) algorithm, which is part of the 802.11 standard. I do not claim to be an expert on the subject, however I am a bit alarmed in what I have found out. This is good reading for anyone who already has or is thinking of deploying a wireless LAN (WLAN) over using 802.11, 802.11b, etc. From some poking around, I found a few vendors that resell such technology which include, but are not limited to: Lucent, Compaq, Symbol, Toshiba, DLink, and 3Com. Some vendors do slightly a better job at keeping things tight from what I have read in a few different articles, however - the whole 802.11, I feel cannot be trusted. If you do use it, treat it like the Net - firewall it, and VPN all your comms to your servers, etc. <My own opinion>
From what I understand, new laptops from Toshiba are going to be (or maybe
already are) equipped with 802.11 NIC's. I would be careful in using the laptop in public places, such as American Airlines' Admiral's Club's who is reported as offering it to executives passing through some major airports! (Ack!)
From another article, I read that corrections for 802.11 will not be
available to at best 2nd Quarter of 2002... However, I couldn't find anything from IEEE on the subject. I feel that the best info can be found in the following two links: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html The actual draft can be found here: http://www.isaac.cs.berkeley.edu/isaac/wep-draft.pdf My take on all of this is that unless you can utilize proven VPN technologies, or compute in a RF shielded environment, forget about 802.11 and secure computing for now... I feel for our colleagues who have already rolled out this technology in widespread areas and am glad that I chose not to despite the cost savings in cabling installations, ease of deployment, and future maintenance involved. I never want to be a 'gamma tester'. Rich Corbett Director of Network Services Loehmann's Inc. richc () loehmanns com
Current thread:
- (in)Security in 802.11 WEP Algorithm Rich Corbett (Feb 14)