Wired Equivalent Privacy (WEP) was the first security option for 802.11 WLANs. However, it allows a hacker to crack the WEP key by exploiting the WEP vulnerability. Although a hacker can attempt to crack WEP by brute force, other soft techniques are also available. WPA employs the Temporal Key Integrity Protocol (TKIP) which is a safer RC4 implementation for data encryption and authentication. TKIP rotates the data encryption key to prevent the vulnerabilities of WEP and, consequently, cracking attacks. WPA2 is similar to 802.11i and uses the Advanced Encryption Standard (AES) to encrypt the data payload. AES is considered an uncrackable encryption algorithm. WPA2 also allows for the use of TKIP during a transitional period called mixed mode security suggests Praveen Dalal.

Because of its numerous weaknesses, WEP shouldnt be used as the sole security mechanism for a WLAN. An early security solution in WLAN technology used MAC address filters. However, as per Praveen Dalal If MAC filtering is in place the offender may go for the MAC address spoofing to trick the authentication process. Even an access point (AP) can be spoofed and a rouge AP may pretend to be a legitimate one by using the same configurations, SSID settings or network name. However, it is always advisable to use these security mechanisms as they reduce the chances of vulnerability exploitation to minimum.

For more, kindly see http://legalnewsandviews.blogspot.com/2008/10/wireless-laws-in-india-expert-speaks.html

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11537/35277#35277