Wireless Authentication
The two levels of WEP authentication are:
Open system—This scheme allows all users to access the wireless network.
Shared key authentication—This is the more secure mode that controls access to the wireless LAN and stops hackers from reaching the network.
Shared key authentication uses a secret key that is shared among all wireless network users and access points. Whenever a user attempts to connect to an access point, the access point replies with random text to challenge the user’s machine to identify itself as being authorized. The wireless workstation must use its shared secret key to encrypt this challenge text and send the result back to the access point in order to authenticate itself to the WLAN. The access point then decrypts that response using the same shared key and compares it to the challenge text it sent. Only if the two match will the access point confirm that the wireless user can log into the network. If, however, the wireless user does not have the same key or responds incorrectly, the access point will reject the access attempt and prevent the remote user from accessing the network.
It is important to know that WEP encryption is possible only in tandem with shared-key authentication. However, if these precautions are not enabled (and they are not by default), the system will function in “open system” mode, which allows anyone within range of the access point to gain access. In these very circumstances, hackers prey upon the weaknesses of your wireless system.
Everyone on your wireless network may use the same shared key, but even with this authentication enabled, it is not possible to authorize a single individual, because all users are treated as one group using the same shared key for network access. If you have several users in your organization, this “community key” can be easily acquired, and there is a greater chance that an unauthorized user will access your network resources.
In most cases, the key used to authenticate users is the same as that used for encrypting the data. This can constitute a major security breach for any wireless user, regardless of platform. When a hacker has a copy of the “shared key” he can use it to access your network and view other users’ network traffic. This causes even greater network problems. The best defense against this type of problem is to send out separate keys to be used for authentication and encryption in your system.
When you keep these two keys separate, you increase your chances that a hacker will not be able to compromise the mission-critical data traveling across your network even if he does gain access and log onto your system. In short, you can never be too secure. Don’t reuse the same keys for the sake of convenience, because this compromises your security.