WEP security is mere clicks away, in Windows

Some things can become increasingly decrepit with age

Ah, the joys of aging: seeing friends who haven't laid eyes on you in a few months or even years and hearing, "Geez, you've certainly got a lot of gray hair." That's always a mood booster. Then I spent 45 minutes watching the end of a Keira Knightley movie, the whole time thinking that Winona Ryder sure had gotten thin. But that's the way. Things become increasingly decrepit with age. Such as WEP, for instance.

Now, most of us IT managers swore off WEP some time ago. The only problem is that swearing off WEP for our personal geek machines and swearing it off for a whole fleet of disparate desktops and laptops are two different things. WEP just happens to be a convenient common denominator, and when the user is breathing down your neck for a fast resolution, it's often easy to rationalize its use. After all, installing a 128-bit WEP key should be enough to keep the average war drivers at bay. And you'll get back to the WPA (Wi-Fi Protected Access) deal as soon as you clear the other 99 highly urgent things on your list.

That may have been the case for the last couple of years, but an IDG article recently described how WEP security has had even more holes shot through it in the last 12 to 18 months. The piece concerned a bunch of German mathematicians who showed that a 1.7GHz Pentium M CPU took only 3 seconds to crack a 104-bit WEP key. See, that sends chills down my spine. If it sends a shudder or two down yours, then take a shot of something strong and read on.

I griped about these worries to a buddy, and he verbally slapped me about the ears and face: "How can you write a Microsoft column every week and not know that you've got everything you need to fix that problem sitting on your Active Directory server?" I asked him to explain, but at first he'd only compare my intellect to that of various dinner vegetables. Some back and forth on that, a little violence, and we got down to explanations.

All you need to do is disable the preshared key portion of the WEP equation. You can replace this with 802.1x on any post-Windows XP Pro SP2 PC, especially anything running Vista. It does require a little router fiddling, but just enough to cause the router to manage user authentication via RADIUS. Yeah, that means installing IAS (Internet Authentication Service) somewhere on the Windows network, but that's mostly a matter of check boxes. Get that done, and your Wi-Fi users can authenticate using their AD credentials.

He showed me how he did it: Just enabled IAS on the Domain Controller and sent a memo to the user community. I asked how he'd handle something such as the guest credentials I can configure on my SonicWall router for outside users -- easy enough to do by simply ignoring the problem on the router side and creating one or two AD accounts provisioned with only guest access. He liked that approach better anyway, he said, because it allowed him to add things such as guest printer and storage access in addition to wireless Internet access. He also found it easier to manage from an event log basis.

There are other ways to handle your WEP troubles, of course. Jumping to a full WPA2 implementation is preferred, but because most of us have bumped into troubles with that across different notebooks' wireless implementations, dropping that complexity onto the back end is definitely easier for now. And it's one less thing to worry about.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Oliver Rist

InfoWorld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?