SECURITY ADVISER: Harder than you think

Once more I sat at the control console and went through the D-Link wireless access point’s forms to enable WEP (Wired Equivalent Privacy) encryption. I knew it wasn’t exactly the best encryption on the planet, but it was better than nothing at all, and the network I was working with didn’t handle much sensitive information anyway. I entered the key in hex and clicked the submit button. Next, I went to a laptop computer that already had 802.11g built in.

Until I’d enabled encryption on the access point, everything had been (in technical terms) hunky-dory. Now, of course, the access point couldn’t be reached.

So I went through the configuration for the 802.11g hardware (designed for the laptop by HP), entered the same hex key as I’d entered into the access point, and confirmed that the rest of the settings were correct.

Again I submitted the changes. And, again, the laptop wouldn’t communicate with the access point.

I tried a different laptop, one with an Enterasys 802.11b card. It had also worked fine with that access point until encryption had been turned on, but now nothing worked. So I enabled encryption on the Enterasys card, and again nothing worked.

Just for fun, I shut down both computers and restarted. I’d noticed in a number of tests I’ve conducted over the years that sometimes a wireless card needs to be powered off before settings will actually work, even though this isn’t supposed to be necessary. Unfortunately, that didn’t help either. Once again, I turned off encryption on each of the laptops and on the access point, and returned to operating in the clear.

As a temporary measure, I turned off DHCP (Dynamic Host Configuration Protocol) so that outsiders couldn’t get an IP address and use the access point.

Then I started calling around to see why things weren’t working.

For the most part, nobody knew. I wondered to myself, “Is this one of the reasons that so many wireless networks are lacking security?”

I took a look at some of the access points stashed around my lab and noticed a couple of things. All of them had WEP encryption available, and each handled it in a different manner; I tried them out and found that none worked with the Enterasys 11b card.

Then I realised that this card was so old that it really wasn’t an Enterasys card but rather one from Cabletron with a sticker update.

Further tests showed that with wireless products made in this century, things worked fine. The problem with 11g was probably due to early production-compatibility issues.

During all of this, it became clear that setting up security on wireless access points is a pain. Even when it works — and it usually does — you have to set it up individually for every access point and every computer that uses the access point. Worse, most of the access points out there are not supported by any sort of enterprise management, so you can’t set up encryption for several at once. So maybe one of the major reasons for the lack of wireless security is simply that it’s too hard to accomplish.

Of course, there’s always the other reason: Lots of access-point owners simply don’t care.

