Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Living with devices that only do WEP

Keep them away from the stuff that matters

Article comments

What's the best way to deal with embedded devices that only support WEP with respect to WPA/WPA2 networks and keeping them secure?

Unfortunately, some embedded devices are not upgradeable to WPA/WPA2. Take 802.11 phones for example. Many 802.11 phones support only WEP using either of two key lengths - both easily breakable and both equally unscalable. Newer phones support the WPA/TKIP and WPA2/CCMP cipher suites using passphrases. In addition, some may support lightweight EAP types such as Cisco's LEAP, which has its own problems.

So what do we do when our 802.11 phone (or other similar embedded device) supports only WEP? First of all, WEP phones need to be on their own VLAN using their own SSID, and that VLAN needs to be heavily fire-walled from the rest of the network infrastructure (like file servers, email servers, etc.). Why would we do this? The phones must be able to reach each other and the voice server, but we must be able to block access to mission critical network resources to which the phones do not need access. Since both autonomous APs and WLAN controllers with lightweight APs provide the ability to tie SSIDs, VLANs, and security parameters together as a set, the aforementioned tasks are quite simple.

Filter WEP After separating and controlling access between the WEP network and all other networks that are part of the infrastructure, we need to heavily filter the WEP network. An important question to ask ourselves before creating filters would be, "What protocols am I using and what are my source and destination IP networks?" For example, if I'm using SIP/RTP and my voice server is 192.168.100.2 /24, then I configure my WLAN controller (or other filtering device) to allow only SIP and RTP protocols between devices that are part of the 192.168.100.0 /24 network. This provides filtering at layers 3, 4, and 7 and can severely limit the damage an intruder can do if WEP is broken. If the intruder were able to get past this security, the only two destinations available would be the firewall (acting as a gateway out of the VLAN) and the voice server (which should have its own firewall installed). Each of these two firewalls should be strictly configured and monitored.

Keep your data safe The last consideration is that of protecting the data itself. Voice conversations are by their nature considered somewhat confidential, but if WEP is the only security mechanism available, consider limiting the topics of conversation to those that would not pose a threat to the organisation if they were overheard. If the data protected by WEP is raw data (not voice), then steps should be taken to use encryption at higher layers.

Devin Akin is CTO of CWNP, the industry standard for wireless LAN training and certification, as well as an editorial board member of the WVE. This article appeared in Network World.


Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *