Page 792 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 792

encryption on wireless networks as is found on wired or cabled

               networks. WEP provides protection from packet sniffing and
               eavesdropping against wireless transmissions.

               A secondary benefit of WEP is that it can be configured to prevent
               unauthorized access to the wireless network. WEP uses a predefined
               shared secret key; however, rather than being a typical dynamic
               symmetric cryptography solution, the shared key is static and shared
               among all wireless access points and device interfaces. This key is used

               to encrypt packets before they are transmitted over the wireless link,
               thus providing confidentiality protection. A hash value is used to verify
               that received packets weren’t modified or corrupted while in transit;
               thus WEP also provides integrity protection. Knowledge or possession
               of the key not only allows encrypted communication but also serves as
               a rudimentary form of authentication because, without it, access to the
               wireless network is prohibited.


               WEP was cracked almost as soon as it was released. Today, it is
               possible to crack WEP in less than a minute, thus rendering it a
               worthless security precaution. Fortunately, there are alternatives to
               WEP, namely WPA and WPA2. WPA is an improvement over WEP in
               that it does not use the same static key to encrypt all communications.
               Instead, it negotiates a unique key set with each host. However, a
               single passphrase is used to authorize the association with the base

               station (i.e., allow a new client to set up a connection). If the
               passphrase is not long enough, it could be guessed. Usually 14
               characters or more for the passphrase is recommended.

               WEP encryption employs Rivest Cipher 4 (RC4), a symmetric stream
               cipher (see Chapter 6, “Cryptography and Symmetric Key Algorithms,”
               and Chapter 7, “PKI and Cryptographic Applications,” for more on
               encryption in general). Due to flaws in its design and implementation

               of RC4, WEP is weak in several areas, two of which are the use of a
               static common key and poor implementation of IVs (initiation
               vectors). Due to these weaknesses, a WEP crack can reveal the WEP
               key after it finds enough poorly used IVs. This attack can now be
               performed in less than 60 seconds. When the WEP key is discovered,
               the attacker can join the network and then listen in on all other

               wireless client communications. Therefore, WEP should not be used.
   787   788   789   790   791   792   793   794   795   796   797