How secure is WLAN with that Option


Polly_31
02-19-2008, 06:37 AM
Hi all,

I have a question here about security regarding WLAN. Wherever I go, everybody says that the network should be protected with at least WEP.

My question now is:
As this is a service for a public library, I would have to give out the WEP key to the clients anyway. So I'm not sure if that is secure, if people already know the WEP then?

A second thought is to leave the network open and activate an option on my Access Point which says "No traffic between each client on the WLAN". From there I would say that everybody is secured, as everybody is on his own "Vlan". If somebody tries to get it the new PC will be on a new "Vlan" on this AP and can't get data from other surfers?!?

Can anybody confirm if that thought is right or if I understood this option wrong?

Again, the service is for public use, therefore I see an open network as insecure as a secured network where I give out the WEP key.

Thanks,
Chris

DjBlaze
02-19-2008, 11:50 AM
The access is open without any security in our library. I would suggest you do the same to reduce support and allow each client to configure their own "host" based security.

Just make sure a disclaimer specifies that the library is not responsible for any damage done due to a lack of security on the host.

X-E-0-3
02-20-2008, 03:55 PM
Change the WEP daily. Takes less than a minute.

X-E-0-3
02-20-2008, 03:55 PM
WEP can be cracked in less than 30 seconds by the savvy.

golfnut
02-21-2008, 08:52 PM
If you use WEP for a public wireless network and change it daily, your librarians will spend more time answering configuration questions.

Free WiFi means that the user accepts the risk. I would consider using a hotspot gateway with username/password access with a terms and conditions page.

Greg

CWNE #16
02-23-2008, 10:50 PM
If your concern is confidentiality (of data frames), then your thoughts about a publicly known WEP key being as secure as an open network are correct. However, configuring the AP so that client-to-client direct communication is not allowed will not help you.

If I am using a protocol analyzer, I will be able to capture all the packets in the air. Even if you use WEP, I can enter the WEP key in my protocol analyzer and decode every packet in real time, or just decode it later, removing the idea of confidentiality (through encryption). Obviously, changing WEP keys daily won't help, and would be a management nightmare.

Your best bet is to put a policy in place stating that the network is open, similar to a Starbucks hotspot, etc. It is up to the end user to provide their own confidentiality through a VPN,
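
The point made above, that a WEP key handed to every patron gives no confidentiality between patrons, shown as an added example that is not part of the original thread. It models only the WEP frame body (cleartext IV, key ID byte, RC4-encrypted data plus CRC-32 ICV); the key, IV and payload are constructed sample values.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (key schedule + keystream XOR), as used by WEP."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body: 3-byte IV in the clear, key ID byte, RC4(IV||key, data||ICV)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + b"\x00" + rc4(iv + key, payload + icv)

def wep_decrypt(key: bytes, body: bytes):
    """Return the payload if the ICV checks out under this key, else None."""
    iv, ciphertext = body[:3], body[4:]
    plain = rc4(iv + key, ciphertext)
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None
    return payload

# Constructed sample values: one 40-bit key shared by every library patron.
SHARED_KEY = b"LIBRY"
IV = bytes([0x01, 0x02, 0x03])
PATRON_PAYLOAD = b"GET /account?user=patronA HTTP/1.1"
FRAME = wep_encrypt(SHARED_KEY, IV, PATRON_PAYLOAD)  # sent by patron A

if __name__ == "__main__":
    # Any other patron holding the same key recovers the payload; the
    # per-frame IV is sent in the clear, so nothing else is needed.
    print("same shared key:", wep_decrypt(SHARED_KEY, FRAME))
    print("different key:  ", wep_decrypt(b"OTHER", FRAME))
```

Client isolation on the AP does not change this result, because the frame is read off the air rather than forwarded by the AP.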