Despite its problems, wired equivalent privacy (WEP) can still stop 90% of security breaches in wireless LANs, according to Richard Hollis, chief executive officer of Orthus.
Speaking at the WLAN Event in London in May, Hollis said more than 90% of hackers were just interested in getting free internet access and nothing more sinister. They won’t bother breaking even the simplest security system, and merely go to look for an easier target.
“Hackers select easy targets and use simple attack methods,” said Hollis. “They are easily deterred.”
WEP has had a bad press since August 2001 when AT&T Labs published a paper showing how easy it was to crack. But though it will not deter a serious technically adept hacker, there is no reason not to use it as part of a security system, said Hollis.
Jenni O’Connell, technical consultant with Global Secure Systems, agreed. She said, “The cheapest and easiest thing you can do with a WLAN is turn on WEP. It costs you nothing, so why not do it?”
But Hollis and O’Connell both stressed that to stop the more serious hackers, or crackers as Hollis called them, higher levels of security were needed.
However, the element of the 802.1x standard that can rotate WEP addresses quicker than they can be cracked is suffering from not being ratified.
“Everyone is doing their own flavours,” said O’Connell. “There is no compatibility between 802.1x systems. It is vendor locked at the moment.”
She said that for corporates, a firewall built specially for wireless networks was still the best route.”