Stuck with WEP – will increasing key lengths help harden WLAN?

3160 pts.
Tags:
Biometrics
Compliance
CRM
Digital certificates
Disaster Recovery
Identity & Access Management
Intrusion management
Policies
provisioning
Risk management
Security Program Management
Security tokens
Single sign-on
I have potential security issues on my wireless LAN because my equipment is older and I can?t use WPA. I'm worried that my data is vulnerable. If I increase my WEP key length from 40 to 128 or greater, will this help?

Answer Wiki

Thanks. We'll let you know when a new response is added.

It will help, but only in a limited sense.

To get the most out of what you’ve got, visit www.cisecurity.org (Center for Internet Security) and download a copy of their latest benchmark for wireless networks. I was a member of the team that developed it.

In a nutshell, here are the elements:
– Turn off SSID broadcasts
– Set the SSID to as long a random value as your oldest equipment permits
– Use a 128 bit random hex key (Alpha-numeric keys only offer about 2.5 bits of randomness per character)
– Adjust the transmit power to the lowest level that will work in your facility
– Use Pre-Shared keys for authentication (not to be confused with the encryption), again using as long a hex value as allowed by your equipment
– Consider MAC address filtering, depending on the number of systems in use (only workable for very small numbers)
– Distribute the encryption key and authentication keys by
physical media (Floppy or mini-cdrom) to make entering the keys by copy and paste to reduce entry errors.

– Develop and implement a plan to identify and inventory ALL wireless equipment, and then phase out the older equipment on a budgeted, scheduled basis.

– Tie all wireless networks to a VLAN which requires VPN authentication for further inbound access.

That should get you moving in the right direction.

Bob

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Bobkberg
    Some afterthoughts... - Limit the DHCP address range on any access point to the bare minimum that you can work with. - Consider directional antennas on systems close to the periphery of your building, so that the signal that does leak out is kept to a minimum. - Similarly, if you're in part of a multi-story, multi-tenant building, try to get antennas that do most of their radiating in a horizontal direction. - Do a walkabout with NetStumbler on the outside of the facility, checking for signal strength, and tweak the offending systems, or relocate them. - Get the book Wi-Foo by Vladimirov, Gavrilenko & Mikhailovsky (Addison-Wesley). Be forewarned that it's some heavy going, and very technical. Bob
    1,070 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following