Ensuring Privacy

In dealing with security and privacy so much in my career, I once
learned the mantra that “A security solution without ensuring privacy is
not a solution at all!”
As we concentrate on the issues pertinent in wireless security, it is
imperative to deal with the issue of privacy. The 802.11 standard can
deal with privacy issues through using cryptographic mechanisms in its
wireless connectivity.
The WEP mechanism ensures privacy through its use of the RC4
symmetric-key cipher algorithm to create a pseudorandom data
sequence. WEP makes it possible for data to be protected from interception
(or really understood) between transmission points along the wireless
network (Figure 4.3). WEP is useful for all data in the WLAN, to
protect and make your data channel private. The idea is to protect data
when flowing through:

Transmission control protocol/Internet protocol (TCP/IP)

Internet packet exchange (IPX)

Hyper text transfer protocol (HTTP)
WEP is designed to permit privacy by supporting cryptographic keys
ranging in size from 40 to 104 bits. The idea is that by increasing the size
of the key, you proportionally increase your level of security. For example,
a secure setup includes a 104-bit WEP key using 128-bit RC4.
In practice, when you employ a key size in excess of 80 bits, it makes
brute force hacker attacks very lengthy, time consuming, and generally
unrealistic as a form of breaking into a network without being detected.
In fact, with 80-bit keys, the number of possible keys is so great that
even the most powerful computers produced today would not be powerful
enough to break the code.

Unfortunately, in my experience, most companies don’t use these
keys for even the simplest form of protection on their network. Most
WLAN implementations use only 40-bit keys. Most hacker attacks are
successful on implementations that use 40-bit WEP keys; the majority of
WLANs are at serious risk of being compromised.