Dynamic WEP-keys or WPA with PEAP? risks etc

walruspro · ‎03-11-2004

Hello!

We are bound to deploy a large WLAN at a school here, both for student and employee acess. We have a wired system based on 802.1x and PEAP so we are going to keep PEAP for the WLAN as authentication mechanism.

The AP's will probably be 1230 and a complete mixture of client-adapters (especially from students), we can rule wich adapters the employees are "permitted" to use.

Now to the encryption-issue... As we see it it is the WPA-concept OR dynamic WEP-keys(fast aging of both broadcast and session-keys). What are the pro's and con's here? Considering security and access?(students with adapters that don't support WPA) One option is of course to force users to user WPA-only adapters.

How great is the "realistic" risk of unauthorized access with dynamic wep-keys vs WPA? Is there any documented methods on breaking "5 mins alive"WEP-keys?

I dont think you can run both WPA and WEP in the AP and differentiate in wich SSID the client connects to?

/Fred - Sweden

wong34539 · ‎03-17-2004

I think you can achieve this by using VLAN in Access Points. To know more go through the following document,

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

jczaplewski · ‎04-01-2004

There is a good argument to go WPA vs dynamic wep, but as you seem to alude to, you know that WPA is as prevalent as it's supposed to be (what happend to Aug 2003? ).

Anyway, dynamic WEP, rotated frequently enough, will provide you adequate encryption of the air waves, if you combine it with PEAP for user authentication, imho.