Cisco WRV54G User Manual

68

Appendix B: Wireless Security
What Are The Risks?

Wireless-G VPN Broadband Router

not completely secure. One piece of information still not encrypted is the MAC address, which hackers can use to
break into a network by spoofing (or faking) the MAC address.

Programs exist on the Internet that are designed to defeat WEP. The best known of these is AirSnort. In about a
day, AirSnort can analyze enough of the wireless transmissions to crack the WEP key. Just like a dictionary-
building attack, the best prevention for these types of programs is by not using static settings, periodically
changing WEP keys, SSID, etc.

There are several ways that WEP can be maximized:

a) Use the highest level of encryption possible

b) Use multiple WEP keys

c) Change your WEP key regularly

Current encryption technology offers 64-bit and 128-bit WEP encryption. If you are using 64-bit WEP, swap out
your old wireless units for 128-bit encryption right away. Where encryption is concerned, the bigger and more
complex, the better. A WEP key is a string of hexadecimal characters that your wireless network uses in two
ways. First, nodes in your wireless network are identified with a common WEP key. Second, these WEP keys
encrypt and decrypt data sent over your wireless network. So, a higher level of security ensures that hackers will
have a harder time breaking into your network.

Setting one, static WEP key on your wireless network leaves your network open the threats even as you think it is
protecting you. While it is true that using a WEP key increases wireless security, you can increase it further by
using multiple WEP keys.

Keep in mind that WEP keys are stored in the firmware of wireless cards and access points and can be used to
hack into the network if a card or access point falls into the wrong hands. Also, should someone hack into your
network, there would be nothing preventing someone access to the entire network, using just one static key.

The solution, then, is to segment your network up into multiple groups. If your network had 80 users and you
used four WEP keys, a hacker would have access to only ¼ of your wireless network resources. In this way,
multiple keys reduce your liability.

Finally, be sure to change your WEP key regularly, once a week or once a day. Using a "dynamic" WEP key, rather
than one that is static, makes it even harder for a hacker to break into your network and steal your resources.