I'm responsible for our company's WLAN security. Do I still need to worry about WEP cracking, or is that no longer...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Do you have a question for our experts?
Submit your question directly to our editors at firstname.lastname@example.org.
First-generation Wi-Fi products were plagued by vulnerabilities in Wireless Equivalent Privacy (WEP) that made it easy to crack keys used to encrypt wireless LAN (WLAN) traffic. Over the years, WEP-cracking tools have been refined to speed cracking, to the point that WEP should be considered little more than a "keep out" warning sign that deters casual freeloading but won't stop serious intruders.
Read more of Lisa's expert advice
Is 802.1X authentication good enough for WLAN access control?
How the 802.11ac standard impacts security
WPS attack precautions help avoid unauthorized WLAN access
Unfortunately, statistics show that WEP is still widely used today, well over a decade after the first WEP cracking issues. In Information Week's 2012 Mobile Security Survey of 322 business technology professionals, 24% admitted their corporate WLANs still support WEP. And cloud-sourced "war driver" reports gathered by Wireless Geographic Logging Engine (WiGLE) put worldwide SSID security use at 30% for WPA2, 11% for WPA and 25% for WEP at the end of 2012. So, yes, WEP is still alive and kicking and something you should consider.
That said, you may not need to worry about WEP cracking if you don't permit WEP use on your own company WLAN. As long as you require WPA2 (or WPA) for secure connections to your own WLAN, WEP crackers have no relevance one way or the other on the security posture of your network. But you should still monitor your office airspace to make sure that employees have not created their own little unauthorized WLAN using a rogue access point secured with WEP. Of course if you do permit WEP on your company WLAN, my advice is simple: Stop.
Related Q&A from Lisa Phifer
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Wireless expert Lisa A. Phifer explains why you shouldn't stop using 802.1X authentication methods for enterprise WLAN access control.continue reading
The upcoming 802.11ac standard is an improvement over 802.11n, but how could security be impacted? Wireless expert Lisa A. Phifer explains.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.