It appears that the issue with WEP is that it uses the same key long enough for the hacker to crack it...the Linksys WAP11 that we use has an Authentication Type setting of "Open System" where "...Each party generates its own key pair and asks the receiver to accept the randomly generated key. Once accepted, this key is used for a short time only. Then a new key is generated and agreed upon. Even if this secret key is discovered, only a small amount of data may be deciphered."

What I am wondering is, is this the same issue and does the "Open System" setting fix the problem? I also encorporate "Disable SSID Broadcast" and MAC Filtering along with the WEP. Does this mean my WLAN is secure?

Thoughts??

peace
z

Even WEP supporters now concede it is broken. A Maryland professor thinks 802.1x is much better. The rapid keying fix probably won't deter the determined hacker. People I speak with recommend either a VPN tunnel or waiting until AES is available for mobile devices.

So even though the key is rapidly changing the hacker could still find out what the key is? How would they even know that the system existed since it is not broadcasting it's SSID? If I set to "any" on our current set up my card just scans and does not find anything to look at, much less sniff. Maybe I am just misunderstanding what it is that the hacker is doing.

thanks,
z

Here is a good link to some background on the Univ. of Maryland report:

www.80211-planet.com/columns/article/0,,1781_975841,00.html

Essentially, the flaws include man-in-the-middle and connection hijacking.

The answer on whether any security solution is "secure" is usually "it depends...". If you running a home networking WLAN your approach is very secure compared to most, however if you are running a corporate WLAN with a lot of users passing sensitive data you may want to add a few more layers - EAP-TLS, VPN, & RADIUS authentication.

Check out this 802.11 security workshop for a crash course on securing your WLAN:

www.itvshop.com/wlan-security

How would someone know that the network is there if the SSID is not being broadcast...is there another way other than setting your card to "any" and picking one up?

Thanks,
z

There is a sniffer that is used with a prisim card and linux that will find any 802.11b network. as it finds the network traffice and registers the network and any information it sends as you drive past it. so gone are the days when you can hide the ssid/ essid/ and that stuff.