Despite its problems, wired equivalent privacy (WEP) can still stop 90% of security breaches in wireless LANs, according to Richard Hollis, chief executive officer of Orthus.
Speaking at the WLAN Event in London in May, Hollis said more than 90% of hackers were just interested in getting free internet access and nothing more sinister. They wonโt bother breaking even the simplest security system, and merely go to look for an easier target.
โHackers select easy targets and use simple attack methods,โ said Hollis. โThey are easily deterred.โ
WEP has had a bad press since August 2001 when AT&T Labs published a paper showing how easy it was to crack. But though it will not deter a serious technically adept hacker, there is no reason not to use it as part of a security system, said Hollis.
Jenni OโConnell, technical consultant with Global Secure Systems, agreed. She said, โThe cheapest and easiest thing you can do with a WLAN is turn on WEP. It costs you nothing, so why not do it?โ
But Hollis and OโConnell both stressed that to stop the more serious hackers, or crackers as Hollis called them, higher levels of security were needed.
However, the element of the 802.1x standard that can rotate WEP addresses quicker than they can be cracked is suffering from not being ratified.
โEveryone is doing their own flavours,โ said OโConnell. โThere is no compatibility between 802.1x systems. It is vendor locked at the moment.โ
She said that for corporates, a firewall built specially for wireless networks was still the best route.โ