Page 803 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
WEP is the original encryption option of 802.11 wireless networking.
It is based on RC4, but mistakes in its design and implementation
leave it trivially breakable, and its primary flaw is its initialization
vector (IV). The WEP IV is only 24 bits long, is transmitted in
plaintext, and is simply prepended to the shared key to form the RC4
key, so IVs repeat after a small number of frames and every repeated
IV means a repeated keystream. This, coupled with the fact that WEP
doesn't check for packet freshness (captured frames can be replayed
to generate more traffic), allows a live WEP crack to be successful
in less than 60 seconds (see the wesside-ng tool from the Aircrack-ng
suite at www.aircrack-ng.org).
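To make the IV weakness concrete, here is an added example in Python; it is not code from the study guide or from the Aircrack-ng project. It models WEP's per-frame encryption (RC4 keyed with IV || shared key, CRC-32 integrity value, IV in the clear) and shows that two frames that happen to carry the same IV share a keystream, so one guessable plaintext decrypts the other without the key, and that there is nothing to stop a verbatim replay. It also computes the birthday bound for a 24-bit IV. The shared key, IV and payloads are constructed for the demonstration.

```python
import zlib
from math import log, sqrt

IV_BYTES = 3  # WEP's 24-bit IV, sent in the clear at the front of every frame body


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA); returns `length` keystream bytes for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 over the payload (a checksum, not a MAC)."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (plaintext) || RC4(IV || shared_key) XOR (payload || ICV)."""
    assert len(iv) == IV_BYTES
    ks = rc4_keystream(iv + shared_key, len(payload) + 4)
    return iv + xor(payload + icv(payload), ks)


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Receiver side: returns the payload if the ICV matches, else None.
    There is no sequence counter, so a captured frame replayed verbatim is accepted again."""
    iv, body = frame[:IV_BYTES], frame[IV_BYTES:]
    plain = xor(body, rc4_keystream(iv + shared_key, len(body)))
    payload, tag = plain[:-4], plain[-4:]
    return payload if icv(payload) == tag else None


def recover_keystream(frame: bytes, known_payload: bytes) -> bytes:
    """Known plaintext (a predictable header, say) XOR ciphertext = keystream for this IV.
    The IV is read straight off the frame; no key material is needed."""
    return xor(frame[IV_BYTES:], known_payload + icv(known_payload))


def decrypt_reused_iv(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame carrying the same IV was encrypted under the same keystream."""
    return xor(frame[IV_BYTES:], keystream)[:-4]


def frames_until_iv_repeat(p: float = 0.5) -> int:
    """Birthday bound: number of randomly chosen 24-bit IVs after which at least one
    repeat has probability p. Drivers that count IVs up from zero wrap after 2**24
    frames and restart at the same values after every reset."""
    n = 2 ** (8 * IV_BYTES)
    return int(sqrt(2 * n * log(1 / (1 - p))))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")       # constructed 40-bit WEP key
    iv = bytes.fromhex("123456")            # constructed IV that both frames happen to use
    p1 = b"GET /index.html HTTP/1.0"        # constructed, attacker-guessable plaintext
    p2 = b"PASS s3cret-login-values"        # constructed secret of the same length
    f1, f2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    ks = recover_keystream(f1, p1)          # from the guessable frame alone
    print(decrypt_reused_iv(f2, ks))        # p2 recovered without the key
    print(frames_until_iv_repeat())         # a few thousand frames to a 50% IV collision
```

The point of `frames_until_iv_repeat` is that a busy access point pushes thousands of frames per second, so collisions are not a theoretical concern, and the replay behaviour in `wep_decrypt` is what lets an attacker re-inject captured traffic to collect more IVs rather than waiting for them.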
Rogue Access Points
A security concern commonly discovered during a site survey is the
presence of rogue wireless access points. A rogue WAP may be
planted by an employee for convenience, or it may be operated
externally by an attacker.
A wireless access point planted by an employee can be connected to
any open network port. Such unauthorized access points usually aren’t
configured for security or, if they are, aren’t configured properly or in
line with the organization’s approved access points. Rogue wireless
access points should be discovered and removed in order to eliminate
an unregulated access path into your otherwise secured network.
It’s common for an attacker to find a way to visit a company (via a
friend who is an employee or by going on a company tour, posing as a
repair technician or breakfast taco seller, or even breaking in at night)
in order to plant a rogue access point. After a rogue access point is
positioned, an attacker can gain entry to the network easily from a
modest distance away from your front door.
A rogue WAP can also be deployed by an attacker externally to target
your existing wireless clients or future visiting wireless clients. An
attack against existing wireless clients (an evil twin) requires that
the rogue WAP be configured to duplicate the SSID, MAC address, and
wireless channel of the valid WAP, while operating at a higher power
level. Because clients with saved wireless profiles generally roam to
the strongest signal advertising a known SSID, they may inadvertently
select or prefer the rogue WAP instead of the valid original WAP.
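The evil-twin configuration just described (our SSID, our BSSID, our channel, a stronger signal) and the simpler case of our SSID on a BSSID we do not own are what a site survey is looking for. Below is an added Python example, not from the study guide, that classifies scan results against a constructed inventory of approved access points. It goes a little beyond the paragraph by also flagging near-miss SSIDs of the kind used to lure visiting clients. The inventory, scan records, verdict names, the 10 dB power tolerance and the two-edit look-alike threshold are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One beacon seen during a survey (constructed; a real tool would parse a scan or a capture)."""
    ssid: str
    bssid: str       # lowercase aa:bb:cc:dd:ee:ff
    channel: int
    signal_dbm: int  # received signal at the survey point


# Constructed inventory of approved APs: BSSID -> (SSID, channel, strongest signal
# recorded at this survey point during the original survey). Assumed accurate.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", 6, -45),
    "aa:bb:cc:00:00:02": ("CorpNet", 11, -60),
}
CORP_SSIDS = {ssid for ssid, _, _ in AUTHORIZED.values()}
POWER_TOLERANCE_DB = 10  # assumption: >10 dB above the surveyed baseline is worth a visit
LOOKALIKE_EDITS = 2      # assumption: SSIDs within 2 edits of ours are treated as lures


def normalize(ssid: str) -> str:
    """Case, spaces and punctuation are what lures vary: 'Corp-Net' vs 'CorpNet'."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch 'C0rpNet'-style substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(obs: Observation) -> str:
    known = AUTHORIZED.get(obs.bssid)
    if known is not None:
        exp_ssid, exp_channel, baseline = known
        if obs.ssid != exp_ssid or obs.channel != exp_channel:
            return "cloned-bssid"             # our MAC, but not our SSID/channel
        if obs.signal_dbm > baseline + POWER_TOLERANCE_DB:
            return "cloned-bssid-high-power"  # full clone: only the power level gives it away
        return "authorized"
    if obs.ssid in CORP_SSIDS:
        return "evil-twin"                    # our SSID on a BSSID we do not own
    for corp in CORP_SSIDS:
        if (normalize(corp) in normalize(obs.ssid)
                or edit_distance(obs.ssid.lower(), corp.lower()) <= LOOKALIKE_EDITS):
            return "lookalike-ssid"           # 'CorpNet Guest', 'C0rpNet', ...
    # Neighbour or employee-planted AP: the radio side cannot tell; check switch MAC tables.
    return "unknown"


def survey(observations):
    """Return the observations that need a follow-up, paired with their verdicts."""
    return [(obs, v) for obs in observations if (v := classify(obs)) != "authorized"]


if __name__ == "__main__":
    scan = [  # constructed scan results
        Observation("CorpNet", "aa:bb:cc:00:00:01", 6, -47),
        Observation("CorpNet", "aa:bb:cc:00:00:01", 6, -30),
        Observation("CorpNet", "de:ad:be:ef:00:01", 6, -40),
        Observation("C0rpNet", "de:ad:be:ef:00:02", 1, -50),
        Observation("CorpNet Guest", "de:ad:be:ef:00:03", 1, -50),
        Observation("Printer-Setup", "aa:bb:cc:00:00:02", 11, -60),
        Observation("Neighbour-WiFi", "11:22:33:44:55:66", 3, -70),
    ]
    for obs, verdict in survey(scan):
        print(f"{verdict:25} {obs.bssid} ch{obs.channel:<3} {obs.signal_dbm:>4} dBm  {obs.ssid!r}")
```

A rogue that copies SSID, BSSID and channel exactly leaves signal strength as the only radio-side tell in this model, which is why the survey baseline matters; an `unknown` verdict is not a clean bill of health, because an employee-planted access point looks exactly like a neighbour's until you trace its wired connection.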
The second method focuses on attracting new visiting wireless clients.
This type of rogue WAP is configured with a social engineering trick by
setting the SSID to an alternate name that appears legitimate or even

