Hi, There are a number of things that cisco APs (and a few others) do that help with the deficiencies of WEP: - avoid some values of the IV used to build the full WEP key (this is a pretty easy fix) - use dynamic per-session WEP keys (using LEAP or 802.1X authentication with appropriate methods such as EAP-TLS), and change them over time - do broadcast/multicast WEP key rotation
This should make sure that a WEP key is never used long enough that an eavesdropper can capture enough packets to find it. But it requires that you use a RADIUS server with EAP support, and appropriate clients. There are also a few other things they do which help with other aspects, like the use of TKIP for instance. Jacques. At 16:49 08/10/2002, Howard Shiau wrote: >I was speaking to a Cisco representative at the >Angelbeat Wireless seminar yesterday and he said that >Wifi using their AP's and card was secure since they >use a different implementation of WEP that drops all >the packets that most people use the decrypt the >codes. He also said that their AP's have never been >hacked. Is this true? Are they really secure or was >this just marketing? > >__________________________________________________ >Do you Yahoo!? >Faith Hill - Exclusive Performances, Videos & More >http://faith.yahoo.com >-- >NYCwireless - http://www.nycwireless.net/ >Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ >Archives: http://lists.nycwireless.net/pipermail/nycwireless/ -- Jacques Caron, IP Sector Technologies Join the discussion on public WLAN open global roaming: http://lists.ipsector.com/listinfo/openroaming -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
