Monday, June 16, 2008

Problems with WEP

Wireless transmissions are inherently unsafe, as they allow wireless hackers (wardrivers) to access your data from a nearby parking lot. As most readers know, the IEEE 802.11 standard includes basic protection, known as the Wired Equivalent Privacy (WEP) protocol. This protocol defines a set of instructions and rules by which wireless data can be transmitted over the airwaves with added security.

The WEP protocol standardizes the production of hardware and software that use the IEEE 802.11 protocol. To secure data, WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. RC4 is a secure algorithm and should remain so for several years to come. However, in the case of WEP, it is the specific wireless implementation of the RC4 algorithm, not the algorithm itself, that is at fault.

The following section will show in detail how WEP is cracked. On a busy corporate network, a wardriver can capture enough data to break your WEP encryption in about two to six hours. Breaking a home user's encryption might take longer (up to two to four weeks), since the flux of data is often much lower. Nevertheless, we recommend that you use WEP when possible, not just as a minor security barrier, but also because it serves as a gentle warning (akin to a login banner disclaimer on a network) that your network is private, rather than shared with the entire community. Also, some products (such as Windows XP) automatically associate with the strongest wireless signal by default. Using WEP prevents your neighbors from inadvertently sucking up your bandwidth, or from unknowingly browsing the Web using your home IP address!

Wednesday, June 04, 2008

Understand and participate in forensics.

In physical crimes, such as robbery and murder, special investigative teams are trained in the science of collecting and analyzing crime-scene data. These teams include on-scene personnel as well as forensic scientists in labs. Computer forensics is no different in its practice. In fact, many people are shocked to find that computer attack forensics is more concerned with law and evidence gathering, handling, and preservation than with computers. Most companies today don't prepare for or understand the forensics process until after an attack has occurred. It is our goal in this section to show you what is required and how to prepare before an attack occurs.

First things first—computer crime is increasing and our ability to cope with the complexity of the networks and software applications that are being created is decreasing. Now, this is most certainly a generalization, but it holds true for many of the clients and companies we see every year. Another truth is that given enough time, energy, and incentive, just about any network can be hacked. If you can accept these basic truths, the time you spend planning and training in areas such as computer forensics will seem less like a waste of time and more like an investment.

Computer forensics is about collecting and analyzing data so it can be used and presented in court. Without proper forensic techniques, you are likely to destroy valuable data or render it inadmissible because it was improperly obtained, collected, or stored. Without evidence, you can't prosecute offenders, properly terminate employees for inappropriate behavior, or seek damages when corporate espionage hits home.
