Answer

Is WEP cracking still a worrisome WLAN security issue?

I'm responsible for our company's WLAN security. Do I still need to worry about WEP cracking, or is that no longer an issue?

    Requires Free Membership to View

Do you have a question for our experts?

Submit your question directly to our editors at editor@searchnetworking.com.

First-generation Wi-Fi products were plagued by vulnerabilities in Wireless Equivalent Privacy (WEP) that made it easy to crack keys used to encrypt wireless LAN (WLAN) traffic. Over the years, WEP-cracking tools have been refined to speed cracking, to the point that WEP should be considered little more than a "keep out" warning sign that deters casual freeloading but won't stop serious intruders.

Read more of Lisa's expert advice

Is 802.1X authentication good enough for WLAN access control?

How the 802.11ac standard impacts security

WPS attack precautions help avoid unauthorized WLAN access

Unfortunately, statistics show that WEP is still widely used today, well over a decade after the first WEP cracking issues. In Information Week's 2012 Mobile Security Survey of 322 business technology professionals, 24% admitted their corporate WLANs still support WEP. And cloud-sourced "war driver" reports gathered by Wireless Geographic Logging Engine (WiGLE) put worldwide SSID security use at 30% for WPA2, 11% for WPA and 25% for WEP at the end of 2012. So, yes, WEP is still alive and kicking and something you should consider.

That said, you may not need to worry about WEP cracking if you don't permit WEP use on your own company WLAN. As long as you require WPA2 (or WPA) for secure connections to your own WLAN, WEP crackers have no relevance one way or the other on the security posture of your network. But you should still monitor your office airspace to make sure that employees have not created their own little unauthorized WLAN using a rogue access point secured with WEP. Of course if you do permit WEP on your company WLAN, my advice is simple: Stop.

This was first published in January 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: