When you use your client adapter with Windows CE, you can protect your data as it is transmitted through your wireless network by encrypting it through the use of wired equivalent privacy (WEP) encryption keys. With WEP encryption, the transmitting device encrypts each packet with a WEP key, and the receiving device uses that same key to decrypt each packet.
The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your adapter or dynamically created as part of the LEAP authentication process. The information in the "Static WEP Keys" and "Dynamic WEP Keys with LEAP" sections below can help you to decide which type of WEP keys you want to use. Dynamic WEP keys with LEAP offer a higher degree of security than static WEP keys.
WEP keys, whether static or dynamic, are either 40 or 128 bits in length. 128-bit WEP keys contain more information than 40-bit keys and, therefore, offer a greater level of security.
In fact, Cisco Aironet wireless security solution offers the more sophisticated key management techniques desired by the researchers. The recently introduced Cisco Aironet WLAN security solution combines several innovations, such as dynamic, per-user, per-session WEP and integrated network logon, that address several of the limitations of WEP, while promoting hassle-free enterprise deployment. Cisco also believes that these features, along with best practices in network design and deployment, and standards efforts on open security framework, such as IEEE 802.1x, will help drive new interoperable solutions to better meet customer needs. By employing a dynamic, not static, WEP encryption key for every user and enabling that key to change frequently, the Cisco Aironet security solution greatly diminishes the applicability of certain attacks identified by the Berkeley researchers.
Using the Cisco Aironet Security solution as a reference, the next sections:
•Discuss inherent limitations of WEP
•Identify areas where the Cisco Aironet wireless security solution augments WEP as defined by IEEE 802.11b to achieve increased levels of robustness and to minimize the vulnerabilities to certain classes of attacks to which WEP and RC4-based security schemes are susceptible
•Identify other solutions that Cisco offers its customers to achieve integrated end-to-end security
•Outline the standards initiatives that Cisco has undertaken to promote inter-operable security standards for wireless networks
Cisco Aironet Wireless LAN Security Overview
Perhaps the only thing more important to your business than the data exchanged on your network is the ability to maintain the security of that data. Security fears have caused some network managers to avoid installing wireless LANs (WLANs), regardless of the numerous benefits that they provide.
• Intrusion Prevention System (IPS) capabilities and advanced location services with real-time network visibility
• Indoor/outdoor Wi-Fi security convergence with Cisco's wireless mesh solution
• Management Frame Protection (MFP) to provides strong cryptographic authentication of WLAN management frames for the detection and prevention of 802.11 management frame attacks
Cisco, the network leader and a driving force behind wireless networking, has made it possible for network managers to give users the freedom they crave without sacrificing the network security they demand.
Special attention should be paid to the use of strong passwords. Cisco LEAP is a password-based algorithm. To minimize the possibility of a successful dictionary attack, use strong passwords, which are difficult to guess. Some characteristics of strong passwords include:
A minimum of ten characters.
A mixture of uppercase and lowercase letters.
At least one numeric character or one non-alphanumeric character (example: !#@$%).
No form of the user's name or user ID.
A word that is not found in the dictionary (domestic or foreign).
Release notes / product overview / data sheet / FAQ