a lot of talk about wep but...

well its weird, i read in the cwna book that using the closed system,
meaning having wep authentication and encryption is not secure at all, well
for a normal windows user u can't do anything about it to crack it, so u
won't get authenticated and u can't even sniff, practically that what
happened with me, why couldn't i sniff with commview for example!!!




-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 80,000 Newsgroups - 16 Different Servers! =-----

On Thu, 26 Jun 2003 11:55:13 +0300, joseph wrote:

> well its weird, i read in the cwna book that using the closed system,
> meaning having wep authentication and encryption is not secure at all

WEP is perfectly secure, if you take the other necessary precautions in
your network topology and design.

1.) Disable DHCP, statically assign your machine's IP addresses

2.) Disable SSID broadcast (BSSID in some vernacular)

3.) Rotate your 128-bit keys OFTEN, and don't put them in a place where
people who can get into your machine can see them (like in My
Documents in a file called Passwords.txt)

4.) Stick all of your authorized machines in the ACL for your WAP,
and check it often.

5.) Use ssl, ssh, and ipsec for any outbound communications you
don't directly control

WEP is secure enough for people to use, but alone, it's not the answer.

I agree totally - it is possible to crack WEP but why bother - its a lot of
time and effort to get what?

I expect that there are some determined crackers out to get a comapany who
have got a LOT of time to spare.

What have you got that is so important that you are so worried about it?

Sit back and have couple of beers.

K Bloch wrote:
> There is a lot of misinformation out about the theoretical weaknesses
> of WEP keys.
>
> My take is as follows.
>
> Can WEP keys be broken? The answer is yes but it is not as easy or as
> fast as most people think. Cracking 128 bit WEP keys will take some
> time typically at least 1 Gbyte of traffic will be needed, much more
> then this for Cisco access points and defualt WEP settings ie no tkip
> etc.
>
> Can most people crack WEP keys. The answer is NO. A linux user with a
> moderate amount of skill and a lot of time to waste may be able to
> crack a WEP key. Question is with about 70% of access points unsecure
> why bother trying to crack a WEP key.
>
> Now my suggestion for best practices is as follows.
>
> 1. Use 128 Bit WEP keys. Use one key for transmit from the access
> point and different keys for receiving from clients. In other words
> make sure your client PC(s) use a different key to transmit then the
> access point. Make sure all four keys are installed on all devices and
> that all the keys match.
>
> 2. Use MAC based filtering if available. It is not much of a security
> feature but every little bit helps.
>
> 3. The same goes for turning off SSID broadcasting. This actually does
> not stop your SSID from being sent if stops someone from using a
> broadcast SSID from connecting.
>
> 4. Turn off the wireless access point when not in use. No RF signal
> means no one can connect.
>
> 5. Sit back have a beer and don't be so paranoid!!
>
>
> "joseph" <(E-Mail Removed)> wrote in message
> news:<(E-Mail Removed)>...
>> well its weird, i read in the cwna book that using the closed system,
>> meaning having wep authentication and encryption is not secure at
>> all, well
>> for a normal windows user u can't do anything about it to crack it,
>> so u
>> won't get authenticated and u can't even sniff, practically that what
>> happened with me, why couldn't i sniff with commview for example!!!
>>
>>
>>
>>
>> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
>> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
>> -----== Over 80,000 Newsgroups - 16 Different Servers! =-----

On Thu, 26 Jun 2003 22:35:55 +0000, Keith Roberts wrote:

> What have you got that is so important that you are so worried about it?

You miss the point entirely..

Cracking WEP may not always be about "getting at" something, and in most
cases, it isn't. Let's say I crack your WEP key (fairly easy to do, given
enough computing resources), and then I decide to use YOUR internet
connection through YOUR ISP, to download some child pornography,
bomb-making plans, and maybe steal a few gigabytes of copyrighted mp3
files while you're asleep or away at work.

Who do you think is responsible when the cops/RIAA/Feds come knocking?