Is WEP ever enough?
How insecure is Wired Equivalent Privacy?
By Tim Cranny, WVE | Network World US | Published: 20:00, 21 September 2006
The short answer is that WEP (Wired Equivalent Privacy) is badly broken and only fit for a few low-security uses.
Wireless communications are, for obvious reasons, far more susceptible to eavesdropping and unauthorised access than wired communications, and WEP was intended to provide a cryptographic 'wrapper' around the communications channel to protect it. Unfortunately, both the design and implementation of WEP were badly flawed, and attackers are able to crack open the encryption and listen in on - or modify - the 'real' data without much effort.
To make matters worse, these attacks have been turned into 'script-kiddy' tools, so the skill level needed to crack WEP is now close to zero. As the final nail in the coffin, these attacks grow faster and simpler with every increase in bandwidth and CPU speed.
The weaknesses of WEP are obvious in retrospect (poor choice of an encryption algorithm, poor key management, poor key use, poor design and implementation of initialisation vectors, and so on), but users and network administrators don't really need to worry about the cryptanalytic nuances. What is important is that they recognise WEP for what it is: a very-weak-but-very-convenient security tool, and use it accordingly.
So how and when should you use WEP? Its weaknesses make it a terrible choice for protecting mission-critical data or restricting access to sensitive networks, but it might be appropriate for home use. Even there, WEP shouldn't be thought of as a barrier to determined hackers. Instead, it's a useful obstacle to casual eavesdropping and to anyone thinking of piggybacking on your wireless connection. Even if you won't stop these people with WEP, they're likely to turn their attention to other more vulnerable wireless networks they can see around you.
It’s important to remember that WEP is not your only choice for securing your wireless network; far better alternatives are now available. The definitive solution is the IEEE's 802.11i standard, but the intermediate solution of WiFi Protected Access (WPA) is simpler than 802.11i and much more secure than WEP.
A few final recommendations: any wireless encryption solution is a first-hop solution and does nothing to protect your traffic once it leaves the access point. Genuinely sensitive traffic needs end-to-end encryption and should be protected by a virtual private network (VPN) of some sort. It's also important to remember that encryption - no matter how good - only addresses one small part of the wireless threat landscape. A complete wireless security solution should also contain measures such as an endpoint firewall, AP filtering or whitelisting, and controls over the use of ad-hoc networking.
Tim Cranny is senior security architect at Senforce Technologies. He is also an editorial board member of Wireless Vulnerabilities and Exploits, which catalogs potential holes in wireless systems. This article appeared in Network World.