WEP vs WPA

Hi experts

I'm about to setup a wireless office network ( dimensions yet to be
decided ) hence I need information before I set it up.
I need the following information/s :-

1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
a WLAN.

2.) Encryption technology

3.) Authentication technology

4.) Recommended devices (AP, WLAN Cards etc)

5.) How to perform Security Audit of a WLAN?

6.) Recommended steps to setup such a network

Please consider this urgent and post/reply ASAP


------------------------------------------------------------------------
View this thread: http://www.wirelessforums.org/showthread.php?t=29520
http://www.wirelessforums.org

Urgently,

http://www.google.com/search?source=...=Google+Search

rockysam39 wrote:
> Hi experts
>
> I'm about to setup a wireless office network ( dimensions yet to be
> decided ) hence I need information before I set it up.
> I need the following information/s :-
>
> 1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
> a WLAN.
>
> 2.) Encryption technology
>
> 3.) Authentication technology
>
> 4.) Recommended devices (AP, WLAN Cards etc)
>
> 5.) How to perform Security Audit of a WLAN?
>
> 6.) Recommended steps to setup such a network
>
> Please consider this urgent and post/reply ASAP

rockysam39 <(E-Mail Removed)> hath wroth:

>1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
>a WLAN.

There's no comparison. WEP encryption has been easily cracked and is
considered grossly insecure. Tools are commonly available and take
only a few minutes to run. WPA is currently quite secure.

>2.) Encryption technology

You have two choices. WPA-PSK which uses TKIP and WPA2-PSK which uses
AES. AES is considered more secure. In general, any client that
supports TKIP will also support AES, so there's little risk of
compatibility issues with AES. Only older cards and drivers may be a
problem.

>3.) Authentication technology

802.1x is supplies along with WPA encryption. However, if you want
something better, consider installing a RADIUS server and using
WPA-RADIUS for authentication. This also has the added benifit of NOT
using a shared encryption key which can easily be leaked. With
RADIUS, the encryption key is unique for each session and user.

>4.) Recommended devices (AP, WLAN Cards etc)

Sorry. Without specifications or clue as to what you're trying to
accomplish, what you have to work with, and how much money you have to
spend, I can't offer any recommendations. Note that there are no
universal solutions.

>5.) How to perform Security Audit of a WLAN?

Wireless security is enforced by the wireless access point. If it
demands that users have encryption, authentication, passwords, etc,
then checking the access point is your prime method of testing
security. Beyond that, there are numerous intrusion testing and
detection tools and services, which will test the entire network, and
not just a single component, which can be circumvented or bypassed.

>6.) Recommended steps to setup such a network

Hire someone that knows what they are doing and has done it before.

>Please consider this urgent and post/reply ASAP

If this is your responsibility, I suggest you either do some serious
reading, or find someone with experience to expedite the project.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

rockysam39 wrote:
> Hi experts
>
> I'm about to setup a wireless office network ( dimensions yet to be
> decided ) hence I need information before I set it up.
> I need the following information/s :-
>
> 1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
> a WLAN.
>
> 2.) Encryption technology
>
> 3.) Authentication technology
>
> 4.) Recommended devices (AP, WLAN Cards etc)
>
> 5.) How to perform Security Audit of a WLAN?
>
> 6.) Recommended steps to setup such a network
>
> Please consider this urgent and post/reply ASAP


It sounds like someone is writing a paper.

If it is an actual project and that urgent you might want to hire
someone with appropriate experience to do it.

>
>
> ------------------------------------------------------------------------
> View this thread: http://www.wirelessforums.org/showthread.php?t=29520
> http://www.wirelessforums.org
>

On Sep 27, 8:46 am, Jeff Liebermann <je...@cruzio.com> wrote:
> rockysam39 <rockysam39.2xk...@no-mx.wirelessforums.org> hath wroth:
>
> >1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
> >a WLAN.
>
> There's no comparison. WEP encryption has been easily cracked and is
> considered grossly insecure. Tools are commonly available and take
> only a few minutes to run. WPA is currently quite secure.
>
> >2.) Encryption technology
>
> You have two choices. WPA-PSK which uses TKIP and WPA2-PSK which uses
> AES. AES is considered more secure. In general, any client that
> supports TKIP will also support AES, so there's little risk of
> compatibility issues with AES. Only older cards and drivers may be a
> problem.
>
> >3.) Authentication technology
>
> 802.1x is supplies along with WPA encryption. However, if you want
> something better, consider installing a RADIUS server and using
> WPA-RADIUS for authentication. This also has the added benifit of NOT
> using a shared encryption key which can easily be leaked. With
> RADIUS, the encryption key is unique for each session and user.
>
> >4.) Recommended devices (AP, WLAN Cards etc)
>
> Sorry. Without specifications or clue as to what you're trying to
> accomplish, what you have to work with, and how much money you have to
> spend, I can't offer any recommendations. Note that there are no
> universal solutions.
>
> >5.) How to perform Security Audit of a WLAN?
>
> Wireless security is enforced by the wireless access point. If it
> demands that users have encryption, authentication, passwords, etc,
> then checking the access point is your prime method of testing
> security. Beyond that, there are numerous intrusion testing and
> detection tools and services, which will test the entire network, and
> not just a single component, which can be circumvented or bypassed.
>
> >6.) Recommended steps to setup such a network
>
> Hire someone that knows what they are doing and has done it before.
>
> >Please consider this urgent and post/reply ASAP
>
> If this is your responsibility, I suggest you either do some serious
> reading, or find someone with experience to expedite the project.
>
> --
> Jeff Liebermann je...@cruzio.com
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

My two cents here; You can always hire and expert, but how do you know
that person is an expert. I've been hired to fix "the mess left
behind" quite a few times.

Is there any wireless network certification?

On Thu, 27 Sep 2007 15:06:28 -0700, (E-Mail Removed) wrote:

>My two cents here; You can always hire and expert, but how do you know
>that person is an expert. I've been hired to fix "the mess left
>behind" quite a few times.

Good point. There are always references. I have prospective clients
check my references all the time. However, if they were referred by
an existing client, that's usually un-necessary.

Incidentally, much of what I do is cleaning up someone elses mess
(both in install and engineering). I would normally expect a customer
that has been burned by one "expert" to demand credentials and
references from whomever they hire to clean up the mess. However,
that's rarely the case. They just want it fixed and are apparently
willing to repeat the same mistake they made on the first "expert".
I've also noticed that such clients rarely ask me for an estimate.
Very strange.

>Is there any wireless network certification?

Sure. Here's a list:
<http://www.certmag.com/articles/templates/CM_SG_Article_Template.asp?articleid=2562&zoneid=2 69>
I think there are others, but I'm too lazy to search. Some
universities offer classes which culminate in a certification exam.

I've always wanted to collect certifications, but my office walls are
plastered with books, racks, hanging mice, diagrams, maps, schematics,
dead motherboards, photos, and white boards, that there's no room for
the certificates.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

On Sep 27, 3:51 pm, Jeff Liebermann <je...@comix.santa-cruz.ca.us>
wrote:
> On Thu, 27 Sep 2007 15:06:28 -0700, m...@sushi.com wrote:
> >My two cents here; You can always hire and expert, but how do you know
> >that person is an expert. I've been hired to fix "the mess left
> >behind" quite a few times.
>
> Good point. There are always references. I have prospective clients
> check my references all the time. However, if they were referred by
> an existing client, that's usually un-necessary.
>
> Incidentally, much of what I do is cleaning up someone elses mess
> (both in install and engineering). I would normally expect a customer
> that has been burned by one "expert" to demand credentials and
> references from whomever they hire to clean up the mess. However,
> that's rarely the case. They just want it fixed and are apparently
> willing to repeat the same mistake they made on the first "expert".
> I've also noticed that such clients rarely ask me for an estimate.
> Very strange.
>
> >Is there any wireless network certification?
>
> Sure. Here's a list:
> <http://www.certmag.com/articles/templates/CM_SG_Article_Template.asp?...>
> I think there are others, but I'm too lazy to search. Some
> universities offer classes which culminate in a certification exam.
>
> I've always wanted to collect certifications, but my office walls are
> plastered with books, racks, hanging mice, diagrams, maps, schematics,
> dead motherboards, photos, and white boards, that there's no room for
> the certificates.
>
> --
> # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
> # 831-336-2558 je...@comix.santa-cruz.ca.us
> #http://802.11junk.com je...@cruzio.com
> #http://www.LearnByDestroying.com AE6KS

Unfortunately, there are people that are good at passing written
tests, but still can't do the real work. Of course, having the sheep
skin and hands on knowledge is the best situation.

On Sep 27, 8:57 am, rockysam39 <rockysam39.2xk...@no-
mx.wirelessforums.org> wrote:
> 6.) Recommended steps to setup such a network

Judging by your questions, you're way over your head to ask
them...much less deploy a network.

Your local yellow pages most likely has computer shops that are very
experienced at this.

"Jeff Liebermann" <(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed)...
> rockysam39 <(E-Mail Removed)> hath wroth:
>
>
>>2.) Encryption technology
>
> You have two choices. WPA-PSK which uses TKIP and WPA2-PSK which uses
> AES. AES is considered more secure. In general, any client that
> supports TKIP will also support AES, so there's little risk of
> compatibility issues with AES. Only older cards and drivers may be a
> problem.
>

Hi,

Is it always these 2 choices for WPA?
In other words, if you buy a network card (PCMCIA) wich has WPA and WPA2, do
you have all possibilities?
Or is there in either one, another form of existence?


Thanks,
Ruud.
NL

"Ruud2022" <(E-Mail Removed)> hath wroth:

>Is it always these 2 choices for WPA?

It's kinda difficult to answer that because the various choices
involve:
1. Protocol
2. Authentication
3. Authorization
4. Encryption.
5. Vendor specific additions.

>In other words, if you buy a network card (PCMCIA) wich has WPA and WPA2, do
>you have all possibilities?

Sorta, maybe, probably. Bear with me here.
The *MAJOR* forms are:
WPA-Personal with TKIP encryption and a shared encryption key.
WPA-Enterprise with TKIP and RADIUS authentication
WPA2-Personal with AES encryption and a shared encryption key.
WPA2-Enterprise with AES encrytion and RADIUS authentication.

However, there are routers which will accept WPA with AES encryption.
None offer WPA2 with TKIP. You won't need that.

Where it gets ugly and potentially incompatible is 802.1x
authentication using EAP (extensible authentication protocol). There
are a mess of protocols possible with EAP.
<http://www.networkworld.com/research/2002/0506ilabwlan.html>
<http://www.computerworld.com/mobiletopics/mobile/story/0,10801,79995,00.html>
<http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol>
The problem is that not all wireless clients support all of these.

<http://www.microsoft.com/technet/network/eap/eap.mspx>
For wireless MS supports:
PEAP-MS-CHAP v2, EAP-TLS, PEAP-TLS
Vista added some more, but I'm too lazy to dig out the list.

>Or is there in either one, another form of existence?

Existence on a different plane is best experienced under the influence
of controlled substances.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558