LAN security is an important concern especially for the network sharing sensitive data like credit card information and passwords. There is some security standard is required for preventing these networks from security attacks. WEP is a weak security standard used for providing security to the wireless networks. As the name implies, WEP standard is equally secure to a wired security standard. WEP standard is widely used for providing security to NIC (network interface card) and it is also easy to implement WEP standard for wireless LANs.
WEP standard was ratified in September 1999 by IEEE 802.11. WEP ensures data confidentiality through RC4 stream cipher algorithm and integrity is CRC - 32 checksum. After enabling WEP standard, every frame is to be encrypted before transmission over wireless LAN by using RC4 encryption technique. At the receiving end, other NIC performs the decryption operation. In this way, this standard helps in secure transmission of data over wireless network. As soon as network enters the wired side, WEP standard stops working there.
In the basic WEP encryption scheme, plain text is XORed with RC4 key stream for creating cipher text. This cipher text is further transmitted over the wireless network.
Here are two authentication techniques used along with WEP security standard. These are shared key authentication and open system authentication.
As the name suggests, in open system authentication there is no credentials are required by the user. Any user can login to the network through access point. There is no doubt that keys still can be used for data encryption. The only condition is to use correct keys by the user.
The other authentication technique used by WEP standard is shared key authentication. In this technique user have to enter his credentials before login to the network. Here is four step authentication process that has to be followed by every user in shared key authentication.
First of all user has to broadcast authentication request to access point. Access point sends a text challenge in reply. User has to encrypt that text message using WEP security standard and again broadcasted to the aces point. This text message is decrypted through access point. If it matches exactly then user gets the permission to access the network.
There is no doubt that shared key authentication is much secure as compared to open system authentication. But there is one drawback with shared key authentication is that key stream can be identified in between during transmission. In this case, expert advice using open system authentication instead of shared key authentication.
What are possible drawbacks associated with WEP?
WEP is a good security standard since 1999 but there are also some limitations associated with this security standard. RC4 is a stream cipher so key repetition should be avoided for enhancing security. The main purpose of Initialization vector used along with plain text is to avoid key repetition but length of Initialization vector is short that is very much susceptible to the security attacks. After every 5000 frames there are chances of key repetition for a small initialization vector of 24 bits. For a extremely busy network, IVs could repeat even after one hour. If hacker is successful in collecting enough number of data frames then he can easily crack the shared key used in WEP security standard.
The main cause of this problem is a single shared key concept. There are no chances of changing the key dynamically among stations. The key can be changed only manually which is quite impossible for large organizations to handle this key management manually. The task of key management is handled by administrator who changes the key manually after a regular interval of time. But this is not a permanent solution for securing wireless networks. According to a study in 2005, hackers were able to crack the key in 3 minutes only.
When WEP makes sense to the employees
WEP works best where you require only minimum level of security. A wireless with WEP security is much better as compared to a wireless LAN without WEP security. According to a research wireless LAN without WEP security is easily accessible by the hackers and data is detected or altered in between transmission. If you are running a home or small business then WEP is more than enough for you.
WEP does not require extra software or hardware on your computer. In other words, this security standard secures your network in budget and it is also easy to implement WEP over wireless networks.
Remedies of WEP
Some non standard fixes Implemented
This is a proprietary advancement over WEP in which length of initialization vector was increased to some bits. This was especially designed for preventing brute force attacks. But it was not so much appreciated by the users and they demand for other security standard.
The main aim of WEP plus (WEP+) standard was to avoid weak initial vectors. This standard works best if WEP Plus is installed at both sending and receiving end. But you cannot force the other user for implementing WEP PLUS on his network. This was the only drawback that this standard was also rejected by the users. After rejection of WEP plus, there was requirement of some advance security standard.
In this security mechanism, dynamic key generation concept was introduced that was further implemented in WPA and WPA 2. But this security standard was vendor specific and this was available to some vendors only. This was also not so successful but it gave a new direction to the wireless industries. Finally WPA 2 came into existence that was highly appreciated by the users and still in use by the wireless network applications.
WPA was basically designed to address all possible drawbacks of WEP. WPA has eliminated the use of single shared key among stations. Now TKIP protocol is used for generating dynamic key that makes the network more secure as compared to WEP. But this standard was not approved by IEEE and it was only a intermediate solution of wireless network users.
WPA 2 or 802.11i is the best security standard that has ever been discovered. It was also approved by IEEE in 2004 and has become an essential requirement for all wireless devices. There is no limitation associated with this enhanced security mechanism. You have to install some extra software and hardware for implementing WPA 2 over wireless networks.