Problem solve Get help with specific problems with your technologies, process and projects.

Is WEP cracking still a worrisome WLAN security issue?

Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.

I'm responsible for our company's WLAN security. Do I still need to worry about WEP cracking, or is that no longer an issue?

Do you have a question for our experts?

Submit your question directly to our editors at editor@searchnetworking.com.

First-generation Wi-Fi products were plagued by vulnerabilities in Wireless Equivalent Privacy (WEP) that made it easy to crack keys used to encrypt wireless LAN (WLAN) traffic. Over the years, WEP-cracking tools have been refined to speed cracking, to the point that WEP should be considered little more than a "keep out" warning sign that deters casual freeloading but won't stop serious intruders.

Read more of Lisa's expert advice

Is 802.1X authentication good enough for WLAN access control?

How the 802.11ac standard impacts security

WPS attack precautions help avoid unauthorized WLAN access

Unfortunately, statistics show that WEP is still widely used today, well over a decade after the first WEP cracking issues. In Information Week's 2012 Mobile Security Survey of 322 business technology professionals, 24% admitted their corporate WLANs still support WEP. And cloud-sourced "war driver" reports gathered by Wireless Geographic Logging Engine (WiGLE) put worldwide SSID security use at 30% for WPA2, 11% for WPA and 25% for WEP at the end of 2012. So, yes, WEP is still alive and kicking and something you should consider.

That said, you may not need to worry about WEP cracking if you don't permit WEP use on your own company WLAN. As long as you require WPA2 (or WPA) for secure connections to your own WLAN, WEP crackers have no relevance one way or the other on the security posture of your network. But you should still monitor your office airspace to make sure that employees have not created their own little unauthorized WLAN using a rogue access point secured with WEP. Of course if you do permit WEP on your company WLAN, my advice is simple: Stop.

This was last published in January 2013

Dig Deeper on WLAN Security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

If you need to ask such a basic question, you shouldn't be in charge of anything security related. Woe to your company's digital assets.