What Is Wired Equivalent Privacy (WEP)?
What is WEP? Wired Equivalent Privacy (WEP) is a security protocol and encryption algorithm that secures wireless and Wi-Fi networks. It adds security and privacy to wireless local-area networks (WLANs) and helps them meet the security levels offered by wired LANs.
The WEP meaning was first introduced as part of the Institute of Electrical and Electronics Engineers’ (IEEE’s) 802.11 standard back in 1997. However, between 2001 and 2003, major security issues were discovered within WEP that could enable hackers to make malicious changes to wireless networks. As a result, IEEE deprecated the WEP-40 and WEP-104 keys.
What Is Wired Equivalent Privacy (WEP) Encryption?
Wireless security encryption methods are provided through an encryption algorithm that ensures data confidentiality for wireless networks. The WEP key is recognizable by using 10 or 26 hexadecimal digits that result in 40 or 104 bits, hence the names WEP-40 and WEP-104.
These WEP security features were the core standards for router configuration. They provided strong encryption, which ensured data could not be recognized by anyone it was not intended for.
How Does WEP Work?
WEP uses the Rivest Cipher 4 (RC4) stream cipher to encrypt data on 802.11a and 802.11b wireless devices, making data unrecognizable to hackers. WEP’s algorithm encrypts data packets as data is sent from a wireless access point or network card and decrypts the information once it has been received.
When WEP is deployed on a Wi-Fi network, it makes data unreadable to the human eye but still processable by computing devices that receive it. Data is encrypted by keys that are stored on wireless network adapters or the Windows Registry.
What Are the Keys of WEP?
A WEP key protects and maintains the integrity of data through the use of shared keys.
Unicast Session Key
A unicast session key protects data as it moves between the wireless access point, such as a router, and a wireless client, such as a laptop or mobile device. Unicast signifies that the data is transmitted between two network locations with one sender and one receiver. This includes unicast traffic and broadcast or multicast traffic that moves from the wireless access point to a specific client.
Multicast Key/Global Key
A multicast key, which is also referred to as a global key, protects broadcast and multicast traffic between a wireless access point and all the clients connected to it. Multicast signifies that data transmission occurs between a single sender and multiple recipients—or vice versa, meaning numerous senders and a single receiver.
WEP Authentication Methods
WEP uses two core authentication methods:
Open System Authentication (OSA)
OSA is a process that enables devices to access a wireless network that uses the WEP protocol. It provides authentication without performing client verification, which means any computer with a wireless modem can access the WEP and receive unencrypted files. OSA is a simple authentication approach that can be used with advanced network security authentication processes, such as 802.1X, pre-shared key (PSK) authentication, and the Extensible Authentication Protocol (EAP).
Shared Key Authentication (SKA)
SKA is a more complex approach in which a device uses WEP to access a wireless network. This process ensures that a secret key has been shared and verified for authentication. It begins with a client sending authentication to a wireless access point, which sends an encrypted file to the access point.
The client returns the file to the access point, and if it is the same as the file the access point has on record, it will know to grant the client access to the network.
Understanding the Difference Between WEP and WPA
WEP has similarities with Wi-Fi Protected Access (WPA), another security protocol that secures wireless networks. WPA is a concept designed to replace WEP. It also uses RC4. However, it is a 256-bit key protocol that uses Temporal Key Integrity Protocol (TKIP) to encrypt data.
Fortinet Wireless Security Protocols
Weak wireless networks allow cyber criminals to intercept and steal data shared between access points and devices. Failing to secure a network appropriately leaves it open to denial-of-service (DoS) attacks, data theft, malware attacks, and identity attacks.
Fortinet protects organizations’ wireless networks with its FortiGate next-generation firewalls (NGFWs). These firewalls safeguard organizations from known and evolving security threats and cyberattacks, block malware, and offer advanced visibility into wireless networks’ activity and risks. Fortinet NGFWs offer future updates that enable them to evolve in-line with the threat landscape, ensuring businesses are always secure against the latest, most sophisticated cyber threats.
Aside from Fortinet NGFWs, helpful wireless security tips your organization can implement against wireless network attacks include the use of encryption, firewalls, and virtual private networks (VPNs). Network users should also change the default name and password of a wireless network device, keep routers and devices updated, and protect devices with strong passwords and multi-factor authentication (MFA).