WEP - stil insecure?

Just t make sure I am not missing something, I thought I'd throw out these
questions...

Is WEP still as insecure as it was reported to be circa 2001?

What if you have WEP into a network that requires logging in to the server
(like a 2003 Windows server) - is WEP still an issue?

Can you "make WEP secure"?

Is there any valid reason to use WEP in a business environment?

Thanks!

jim

WEP can be hacked in under 30 seconds. I can't imagine why anyone
would want to use it. If a business does not upgrade their hardware
and users systems and is stuck on WEP, yes there is risk.

On Thu, 29 May 2008 16:04:45 -0400, "jim" <(E-Mail Removed)> wrote:

>Just t make sure I am not missing something, I thought I'd throw out these
>questions...
>
>Is WEP still as insecure as it was reported to be circa 2001?
>
>What if you have WEP into a network that requires logging in to the server
>(like a 2003 Windows server) - is WEP still an issue?
>
>Can you "make WEP secure"?
>
>Is there any valid reason to use WEP in a business environment?
>
>Thanks!
>
>jim
>
--

Barb Bowman
MS-MVP
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

jim wrote:

> Just t make sure I am not missing something, I thought I'd throw out these
> questions...
>
> Is WEP still as insecure as it was reported to be circa 2001?
>
> What if you have WEP into a network that requires logging in to the server
> (like a 2003 Windows server) - is WEP still an issue?
>
> Can you "make WEP secure"?
>
> Is there any valid reason to use WEP in a business environment?
>
> Thanks!
>
> jim


No WEP 256 and WEP 512 bits are still secure here.

jim wrote:
> Just t make sure I am not missing something, I thought I'd throw out
> these questions...
>
> Is WEP still as insecure as it was reported to be circa 2001?
>
> What if you have WEP into a network that requires logging in to the
> server (like a 2003 Windows server) - is WEP still an issue?
>
> Can you "make WEP secure"?
>
> Is there any valid reason to use WEP in a business environment?
>
> Thanks!
>
> jim

I always find it interesting in these discussions - here and elsewhere -
that folks are always saying that WEP is not secure...
My question is - from whom ???

How many "posters" that mention this have actually hacked a WEP network ?
I mean, I can drive around and see over a dozen APs in my neighborhood,
and sometimes try and connect to the ":unprotected" ones...
For those that have WEP, I don't even bother -
not really interesting in actually putting forth the time and effort "to say
I can do it".
Others may be more dedicated.

SO - for me - at home - I run MAC address filtering -

At our local school district, and at work I think they are running
"something",
but never really looked to see.... WEP, WPA, etc

You might have a more dedicated audience at these locations,
that really want to get into the network - and therefore Wxx security might
be justified.

It sure is. There's no reason to use WEP unless you don't care much about
security.

TJX Breach Began With WEP Crack
http://hardware.slashdot.org/article.../05/05/1812254

from:
http://online.wsj.com/article_email/...DIwNDQ0Wj.html
..... The auditor's report cited the outmoded WEP encryption and missing
software patches and firewalls.


"jim" <(E-Mail Removed)> wrote in message
news:VZD%j.7618$(E-Mail Removed)...
> Just t make sure I am not missing something, I thought I'd throw out these
> questions...
>
> Is WEP still as insecure as it was reported to be circa 2001?
>
> What if you have WEP into a network that requires logging in to the server
> (like a 2003 Windows server) - is WEP still an issue?
>
> Can you "make WEP secure"?
>
> Is there any valid reason to use WEP in a business environment?
>
> Thanks!
>
> jim
>

Hi
From the weakest to the strongest, Wireless security capacity is.
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not updated it you would have to download
the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according what ever is the best possible
of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max . of
WEP, to whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).

"jim" <(E-Mail Removed)> wrote in message
news:VZD%j.7618$(E-Mail Removed)...
> Just t make sure I am not missing something, I thought I'd throw out these
> questions...
>
> Is WEP still as insecure as it was reported to be circa 2001?
>
> What if you have WEP into a network that requires logging in to the server
> (like a 2003 Windows server) - is WEP still an issue?
>
> Can you "make WEP secure"?
>
> Is there any valid reason to use WEP in a business environment?
>
> Thanks!
>
> jim
>

On Thu, 29 May 2008 16:04:45 -0400, "jim" <(E-Mail Removed)> wrote:

>Can you "make WEP secure"?

WPA with tkip (as opposed to aes) was written so that it could be
installed as a software upgrade to existing hardware running wep
whereas aes required different hardware. So in that respect wep can be
made more secure except it's not called wep anymore. It's called wpa.

More accurately, "can hardware running wep be made more secure"? Yes.


Jim.

On Thu, 29 May 2008 15:39:10 -0500, "ps56k"
<(E-Mail Removed)> wrote:

>I mean, I can drive around and see over a dozen APs in my neighborhood,
>and sometimes try and connect to the ":unprotected" ones...
>For those that have WEP, I don't even bother -


And that's wep's biggest plus point. There are enough completely open
networks to hack into that it's too much hassle to hack into a wep
encrypted one albeit very easy and automated these days. Also the
people who have open networks are more likely to be lax on file
sharing security too.

That hardly makes wep secure, though.


Jim.

the high school kids around here see it as a game and a challenge.
is this connected to local police investigations of data theft and
local news editorials about proper wireless security..?

*I* am not interested in trying out tools to hack WEP. I'm
interested in making sure folks have the opportunity to read how
insecure it is. WPA2 is the best available security. WPA is next
(and can only be hacked via a dictionary attack so use a strong
random passphrase).

On Thu, 29 May 2008 15:39:10 -0500, "ps56k"
<(E-Mail Removed)> wrote:

>How many "posters" that mention this have actually hacked a WEP network ?
>I mean, I can drive around and see over a dozen APs in my neighborhood,
>and sometimes try and connect to the ":unprotected" ones...
>For those that have WEP, I don't even bother -
>not really interesting in actually putting forth the time and effort "to say
>I can do it".
>Others may be more dedicated.
--

Barb Bowman
MS-MVP
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

"James Egan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> On Thu, 29 May 2008 16:04:45 -0400, "jim" <(E-Mail Removed)> wrote:
>
>>Can you "make WEP secure"?
>
> WPA with tkip (as opposed to aes) was written so that it could be
> installed as a software upgrade to existing hardware running wep
> whereas aes required different hardware. So in that respect wep can be
> made more secure except it's not called wep anymore. It's called wpa.
>
> More accurately, "can hardware running wep be made more secure"? Yes.

Is all WEP hardware upgradable or do you just have to look to each vendor to
find out?