Applying strong wireless security mechanisms is the key to ensure that a wireless network is protected against unauthorized access and eavesdropping. Unfortunately, wireless security is vulnerable if implemented improperly. The following sections examine some of the issues surrounding wireless security and how you can avoid trouble.
The first, most basic level of securing a wireless LAN (WLAN) is to set up a wired equivalent privacy (WEP) key. This is a means of encryption that encodes transmissions between an access point (AP) and client. This is a basic means of security, but it is not thorough. When wireless devices were first introduced, this was a quick and easy way to provide security. Unfortunately, WEP is inherently flawed; however, it might be your only option if you work with older equipment or client software.
If enough traffic is passed back and forth between client and AP, the packets can be intercepted and the encryption key deduced. This is not a likely issue for homes and small offices that have light wireless activity and uninteresting data. However, in an organization with high volumes of wireless traffic and critical data, it is easy for an intruder to crack the code. It is perhaps worth the effort of the intruder.
The Aironet 1100 Series, 1200 Series, 1300 Series APs, and the 1400 Series bridges that run Cisco IOS Software are especially vulnerable because they send any WEP key in cleartext to the simple network management protocol (SNMP) server if the snmp-server enable traps wlan-wep command is enabled. If you use WEP, make sure this command is disabled.
WEP is vulnerable to attack for several reasons:
RC4 is the most widely used software stream cipher. In addition to WEP, it is also used in secure sockets layer (SSL), the encryption medium used for web pages. Although widely deployed and adequate for web use, it is generally not considered a good means of encryption for WLANs.