I second what John Pettitt noted:
"Suggestion: forget WEP - get a good ipsec based vpn system, put the
access points on a DMZ lan and require use of the VPN client to get
access to anything other than a "help page" web server."
I would still use WEP though, would keep some folks off this wireless
network you create. So segment your wireless network outside of your
corporate network. The wireless network provides your users just with
access to your Citrix farm (if one exists) or VPN server. The wireless
clients have to run your VPN client to fully get into the network.
Somebody that takes the time to gather enough packets from your network to
crack your WEP (before it changes) will only get access to the same boxes
you make publicly available anyway, your VPN and/or thin client systems
(Citrix).
STEVE
----- Original Message -----
From: "Jon Smith" <like2hax@hotmail.com>
To: <security-basics@securityfocus.com>
Sent: Saturday, March 19, 2005 3:27 PM
Subject: Is Dynamic WEP Secure Enough?
Hi
I am responsible for a large wireless infrastructure upgrade. Right now my
plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID
(I have others with much lower security requirements). I cannot easily go
to WPA without ditching all my current devices that do not support it (good
luck getting that past the CFO). We have a lot of physical security and
surveillance with very tight controls, my primary area of concern would be
people like myself sitting in the parking lot. Due to one of our
applications, we will be sending a clear strong signal to the parking lot.
Is this enough security and encryption to significantly slow intrusion
attempts? Between direction finding capabilities of the Access Points and
our roaming guards it would be a matter of time before we detected them.
Thanks
Rocko
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
