I posted the following as a comment on TechRepublic. I figured I’d reproduce it here as well. It’s in response to the a rather ill informed article about wireless security. It’s amazing to me how much misinformation is out there about wireless security. I’ve written a few documents on the subject for work. Maybe one of these days I’ll try to clean some of them up, remove any references to my employer and post them here.
Obviously the author if this article doesn’t read the *other* articles on TechRepublic, or he might have seen this one: which explains a little bit about WPA and how it fixes the security problems with WEP. 🙂
Essentially WPA (not WPA-PSK, which is slightly different), is a combination of WEP, 802.1x authentication, TKIP, and MIC. Together, these technologies offer per-user authentication, two levels of key rotation, and an enhanced packet integrity check.
To understand why WPA fixes WEP, it helps to first understand what’s wrong with WEP. WEP actually uses the same base encryption algorithm as the venerable and highly trusted SSL standard (used for https secure web pages for example). The problem lies in the weak algorithm that WEP uses to do per packet key rotation. This key rotation is weak enough that it’s possible, after gathering enough encrypted packets, to predict the key rotation and decrypt subsequent traffic. (see this URL for far more detail: )
802.1x authentication is part of the WPA standard, but can also be used without WPA, provides three advantages over WEP alone. The first is that 802.1x eliminates the problem of distributing and redistributing one static WEP key to every user. How it does this is closely tied to the second advantage of 802.1x. 802.1x authenticates users attempting to connect to the wireless Access Point against a Radius server. The Radius server can then, of course, backend that authentication to almost any enterprise authentication store (AD, NDS, etc). The third advantage that 802.1x provides is that each user is given a seperate, unique WEP key, and you can do primitive but effective key rotation by timing out the users login session. The client will re-connect in the background and the user will get a new WEP key. It sounds clumsy, but works quite well in practice.
With 802.1x and WEP, breaking WEP becomes very difficult. Aside from the key rotation (usually set to 5-30 minutes by most admins), there is the practicle issue that none of the current WEP cracking tools are smart enought to see when they key rotates or to see that each user has a different key. The result is that the attacker wastes his time on the mathematically impossible task of taking packets encrypted by more than one WEP key and attempting to crack one single WEP key that will “fit” all of them.
TKIP adds an enhanced per-packed key rotation (making WEP cracking even more unlikely) and MIC provides an enhanced packet integrity check (to prevent packet alteration and man-in-the-middle attacks).
The combination of these three technologies makes WPA potentially *more* secure, not less secure than a wired connection (do *you* authenticate users on your wired ethernet connections? Most companies don’t).
Now there are still to remaining legitimate concerns about wireless networks. One is that they indeed are lower bandwidth than wired ethernet connection. The second is that it is not only possible, but easy to create a local denial of service. The simplest and most difficult to block denial of service would be a high volume radio transmitter in the 2.4Ghz (or for 802.11a, 5Ghz) range. For these reasons, I recommend wireless as an *addition* to wired connectivity. Wireless is great for meeting rooms, for impromptu workgroups and other circumstances where roaming about the building is desirable. But all critical users should have a wired connection at their desk.