Page 465 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
the local network and rely on the assumption that it would be too
difficult for an attacker to gain physical access to the network wire
inside a secure location to eavesdrop on the network. However,
wireless networks transmit data through the air, leaving them
extremely vulnerable to interception. There are two main types of
wireless security:

Wired Equivalent Privacy: Wired Equivalent Privacy (WEP)
provides 64- and 128-bit encryption options to protect
communications within the wireless LAN. WEP is described in IEEE
802.11 as an optional component of the wireless networking standard.

Cryptanalysis has conclusively demonstrated that
significant flaws exist in the WEP algorithm, making it possible to
completely undermine the security of a WEP-protected network
within seconds. You should never use WEP encryption to protect a
wireless network. In fact, the use of WEP encryption on a store
network was the root cause behind the TJX security breach that
was widely publicized in 2007. Again, you should never use WEP
encryption on a wireless network.

WiFi Protected Access: WiFi Protected Access (WPA) improves on
WEP encryption by implementing the Temporal Key Integrity Protocol
(TKIP), eliminating the cryptographic weaknesses that undermined
WEP. A further improvement to the technique, dubbed WPA2, adds
AES cryptography. WPA2 provides secure algorithms appropriate for
use on modern wireless networks.

Remember that WPA does not provide an end-to-end
security solution. It encrypts traffic only between a mobile
computer and the nearest wireless access point. Once the traffic
hits the wired network, it’s in the clear again.
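
As an added example (not from the study guide), the following Python code audits hostapd-style access point settings against the guidance above: WEP fails, WPA with TKIP is flagged, and WPA2 with AES (CCMP) passes. It assumes hostapd's configuration keys (wpa, wpa_pairwise, rsn_pairwise, wep_key0) and its documented cipher defaults; the access point names and settings are constructed.

```python
# Added example: classify hostapd-style AP settings against the guidance above.
# The three sample configurations are constructed for illustration.

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def classify(text):
    """Return (verdict, protocol) for one access point configuration."""
    cfg = parse_conf(text)
    wpa = int(cfg.get("wpa", "0"))  # bit field: 1 = WPA, 2 = WPA2, 3 = both
    if wpa == 0:
        # No WPA at all: either static WEP keys or an open network.
        if any(key.startswith("wep_key") for key in cfg):
            return ("FAIL", "WEP")
        return ("FAIL", "open")
    # Assumed hostapd defaults: wpa_pairwise is TKIP, rsn_pairwise inherits it.
    wpa_ciphers = cfg.get("wpa_pairwise", "TKIP").split()
    rsn_ciphers = cfg.get("rsn_pairwise", " ".join(wpa_ciphers)).split()
    if wpa & 1:
        return ("WARN", "WPA still accepted (" + "/".join(wpa_ciphers) + ")")
    if "TKIP" in rsn_ciphers:
        return ("WARN", "WPA2 but TKIP still accepted")
    return ("OK", "WPA2 with AES (" + "/".join(rsn_ciphers) + ")")

SAMPLES = {
    "store-floor": "ssid=store-floor\nwep_default_key=0\nwep_key0=0123456789\n",
    "back-office": "ssid=back-office\nwpa=1\nwpa_passphrase=constructed-example\n",
    "corp": "ssid=corp\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
            "wpa_passphrase=constructed-example\n",
}

def audit(samples):
    """Map each AP name to its (verdict, protocol) pair."""
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, (verdict, protocol) in audit(SAMPLES).items():
        print(f"{verdict:4} {name:12} {protocol}")
```

Setting wpa=2 alone is flagged because, under the assumed defaults, the pairwise cipher falls back to TKIP unless rsn_pairwise=CCMP is set explicitly.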

Another commonly used security standard, IEEE 802.1x, provides a
flexible framework for authentication and key management in wired

