Corporate 802.11 wireless networks that provide mobile LAN and Internet access are serious security risk, U. of Cal.-Berkeley Asst. Prof. David Wagner said at FCC tutorial Mon. sponsored by Office of Engineering & Technology. Weaknesses in Wired Equivalent Privacy
(WEP) security protocol built into 802.11 standard are well-known, but biggest problem is that 1/2 to 3/4 of networks don’t use WEP option. WEP uses industry standard RC4 encryption algorithm, “a reasonable choice” in 1997 when 802.11 standard was released, Wagner said: “Unfortunately, WEP designers didn’t use RC4 carefully.” As implemented, even passive attacks -- hackers in van outside building -- can collect enough data traffic to deduce encryption key in a few hours, he said. Using mathematics to decipher encrypted data once was science limited to intelligence agencies, but today user-friendly computer tools needed to crack 802.11 networks are widely available as free software downloads at various hacker sites, Wagner said: “These are well-written programs that support many devices and [software] drivers.” Attackers also can “inject forged traffic,” he said. Passive monitoring and hacking of 802.11 wireless networks is major problem because of RF leakage. Although those fixed wireless networks are intended for in-building use, base stations radiate data into parking lots and surrounding streets. “Determined hackers build a high-gain antenna that increases their range to a mile or more,” he said: “The methods of attack are sophisticated beyond my worst expectation. The hackers we know about are mostly ‘enthusiasts’ and not necessarily malicious. People using these techniques for corporate espionage don’t talk about it.” Wagner recommended network managers put 802.11 base stations outside protection of firewall and connect them to corporate network through secure virtual private network. Work by 802.11 standards committees to fix existing security problems is “a year or 2 away” and will require replacement of much of installed base of equipment, he said.