How to protect yourself in an “external” network world …
Recently there has been a lot of talk about the failure of WEP encryption in 802.11b to protect wireless users. This link is to a simple application which can quickly break the WEP keys. These types of tools have been around for years, and can be used on ANY network which is not physically secured!
The key to solving these issues is to look at the medium – wireless – as an “external” network. It is one which exists “outside” of your firewall! If you view it this way, you then can begin to solve the “problem” of security using standard off the shelf solutions.
The entire Virtual Private Network (VPN) market was created to solve this exact issue, and is the solution being used by networking companies such as Novell. Communications over wireless is no different than communications over any network that is outside of your control … and it requires a full end-to-end security solution. That is what a VPN is. Even if you were in a hotel, communicating over a wired network, your traffic could be intercepted and captured. Again, most companies would use a VPN for their employees in these scenarios …and so wireless is no different.
If you are considering deploying wireless for your employees … even for use at your company offices … install the wireless access points OUTSIDE your firewall, and use a VPN solution for them to communicate into the network. The benefit is that it will secure your corporate communications ANYWHERE!
This program breaks the WEP encryption and delivers the key: I have mixed feelings about posting a link to this software, but it’s necessary because it’s widely available. Running this software against anyone’s network except your own (or one that you have authorized, written permission to crack) could constitute illegal cracking in many jurisdictions worldwide. Simple ownership of this program might also be illegal in some countries. Note that cracking WEP encryption is not covered by the DCMA, which has resulted in charges against people cracking Adobe eBook and Hollywood DVD encryption. Those schemes are copyright-protection methodologies that include encryption; WEP is a general-purpose encryption system which is not design specifically to protect copyrighted materials.