Executive Briefing: Wireless Network Security

White Paper
Wireless Network Security
Three Levels of Wireless Security
1 — Physical Layer Encryption
The lowest level of security that can be deployed in a wireless network is the Wired Equivalent Privacy
standard (WEP). WEP allows for 40-bit or 128-bit keys to be entered in both the access point and the clients
to encrypt the traffic between the PC and the access point.
Figure 1 WEP Standard for Securing Wireless Networks
Figure 1 depicts the WEP standard. Unauthorized users can gain access with easy-to-find software. Also, all
authorized users must use the same encryption key.
The challenge, however, is the inherent weakness of WEP security. With a little digging, unauthorized users
can easily find software on the Internet that can be used to crack WEP encryption by capturing the network
traffic over the air and deciphering the key (figure 1). Once the WEP key is deciphered, the traffic can be read
in the clear, overcoming the encryption on the network traffic.
Another challenge of WEP-only encryption is the need to key each client device and each access point with the
same encryption key (figure 1). In environments with more than ten users, managing these keys and manually
re-keying whenever a user is removed from the network can be burdensome.
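
The weakness described above follows from how WEP builds its per-frame RC4 seed: a 24-bit IV sent in the clear, prepended to the one static key that every client and access point shares. The following added example (not from the white paper; the key, IVs and payloads are constructed sample values, and the frame layout is simplified by omitting the key ID byte) shows that two frames encrypted under the same IV share a keystream, so their ciphertexts XOR to the XOR of their plaintexts.

```python
import zlib

# Constructed sample values: 40-bit shared key, 24-bit IV, two equal-length payloads.
SHARED_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
P1 = b"GET /payroll HTTP/1.1"
P2 = b"user=alice&pin=492100"

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Simplified WEP frame: clear IV, then RC4(IV || key) over payload || CRC-32."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    if zlib.crc32(body[:-4]).to_bytes(4, "little") != body[-4:]:
        raise ValueError("integrity check failed")
    return body[:-4]

def keystream_shared(frame_a: bytes, frame_b: bytes, pa: bytes, pb: bytes) -> bool:
    """True when the ciphertexts XOR to the XOR of the plaintexts (same keystream)."""
    n = min(len(pa), len(pb))
    return xor(frame_a[3:3 + n], frame_b[3:3 + n]) == xor(pa[:n], pb[:n])

if __name__ == "__main__":
    f1 = wep_encrypt(IV, SHARED_KEY, P1)
    f2 = wep_encrypt(IV, SHARED_KEY, P2)                       # same IV, same static key
    f3 = wep_encrypt(bytes.fromhex("a1b2c4"), SHARED_KEY, P2)  # different IV
    print("same IV ->", keystream_shared(f1, f2, P1, P2))
    print("new IV  ->", keystream_shared(f1, f3, P1, P2))
```

Because the key never changes and the IV space is only 24 bits, repeated keystreams are unavoidable on a busy network; only changing the key itself removes the relation.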
To address the inherent flaws of WEP, the Wi-Fi Alliance has created a new standard called Wi-Fi Protected
Access (WPA). WPA combines two components to provide strong security for wireless networks. The first
component is called Temporal Key Integrity Protocol (TKIP), which replaces WEP with a much stronger
protocol. TKIP provides data encryption enhancements including a key mixing function, a message integrity
check, and a re-keying mechanism that rotates through keys faster than any sniffer software can decode the
[Figure 1 labels: Wireless Access Point; Authorized Users Can Access; Unauthorized Users; WEPCrack; AirSnort; Easy to Comprise Network]