Configuring Wireless Security : WEP

LP IRM – Nice Sophia-Antipolis

TP#004.1

Configuring Wireless security : WEP

Table of Contents

Configure WEP on AP and Client...... 1

Step 1 Configuring open access to the access point...... 2

Step 2 Configuring WEP on the access point...... 2

Step 4 Configure WEP on 408py using the client adapter utility...... 3

Step 5 Performance Tests ...... 4

Step 5 Using Airodump and WireShark...... 4

Find which is the more secure authentication mode ...... 4

Decrypt WEP trafic using Wireshark...... 5

More pratice ?...... 5

Step 6 Save configuration and reset AP...... 5

Configure WEP on AP and Client

Objective

In this lab, students will demonstrate an understanding of the role of a Wired Equivalent Privacy (WEP) key in network security. Additionally, students will learn how to enable WEP on an AP and on the client PC.

Scenario

The purpose of WEP is a first step to protect the privacy of transmitted data. WEP keys are used to encrypt the data signals the AP transmits and to decrypt the data signals the AP receives (and includes data transmitted and received by the client). Even if WEP use is deprecated, basic knowledge on the use of this protocol is mandadory before handing over with more updated technologies like WPA.

Topology

Note Detail of the PC below:

●408px (where x=1,3,5,7,9 ) is a Windows 2003Svr

●408py (where y=2,4,6,8,10 ) is a XP Pro

Preparation

The student PC should be connected to the AP through an (isolated wired network or) crossover cable.

The AP should be set to factory defaults.

Team / x= / y= / AP Name / SSID / AP address / 408px address / 408py address
12 / 1 / 2 / ap12 / tp12 / 10.0.12.101/24 / 10.0.12.x/24 / 10.0.12.y/24
34 / 3 / 4 / ap34 / tp34 / 10.0.34.101/24 / 10.0.34.x/24 / 10.0.34.y/24
...

Tools and Resources

Each team will need:

• One AP (with 4 antennas plugged-in !!!!!!)

• The AP power supply or source

• A PC that is connected to the same wired network as the AP (with one crossover cable)

• A wireless PC or laptop as a client

Additional Materials

ide_book09186a0080147d69.html

See your instructor for:

for this kind of documents

for networking and performance tools

for Cisco, NetGear and 3Com softwares, drivers, docs, ...

Step 1 Configuring open access to the access point

In order to configure WEP on the AP, complete the following steps:

a. Console to the AP in order to clear its configuration and set its BVI IP address according to the preparation table.

b.Open a Web browser on the 408px and type the IP address of the AP to configure it according to the preparation table (use Express Setup,Express Security and Networks Interfaces tabs)

c. Get your BSSID/MAC address using Home tab, NetStumbler or show dot11 bssid command

d. Verify connectivity from the wireless client 408py to the AP (force association to this AP using BSSID) with named profile tpXYOpenClear. Start NetStumbler to display the AP BSSID and Icon.

Step 2 Configuring WEP on the access point

Now you are sure you have a working access point, you will enter the process of WEP configuration.

Note: WEP keys can be entered in ASCII or hexadecimal on most equipments.

Cisco Aironet equipment requires WEP keys to be entered in hexadecimal.

●40-bit WEP keys are 10 hexadecimal characters long.

●128-bit WEP keys are 26 hexadecimal characters long.

To configure WEP on the 802.11G interface, follow the steps below:

a. Go to the Security Setup page of the AP and click on the Encryption Manager option. Check the radio button WEP Encryption Mode for WEP Encryption

b. Use the Pull Down Menu to select Mandatory: this will oblige the client to connect using WEP otherwise, it would be optional.

c. Select the Transmit Key in front of Encryption Key 1

d. Enter the Encryption key (for lab purposes will be) 12345678909876543210123456

e. Select the Key size 128 bits

1. Up to four WEP keys can be entered : why would you consider entering more than one ?

______

______

______

______

f. Click the Apply-Radio0 button to apply these options (means only on 802.11g interface) or click on Apply button if you only have one interface.

g. Once WEP is configured on the AP with a Mandatory option, all the clients will become

disassociated to this AP.

Also check with NetStumbler that the wireless network icon corresponding to your AP now appears with a lock.

View the SECURITY>Encryption Manager page. The WEP settings should be configured and the Encryption Key field should be stored in the AP. However, the Key field should be encrypted with asterisk symbols to prevent unauthorized users from viewing the Encryption Key.

2. What Encryption option allows client devices that can communicate with the AP either with or without WEP?

______

3.Guess which Icon would be shown by NetStumbler if Optional option was selected instead of Mandatory.

______

Step 4 Configure WEP on 408py using the client adapter utility

In order to configure the WEP settings on the wireless client adapter, complete the following steps:

a. Open the Aironet client utility by clicking on the ADU icon.

b. Create a new profile called tpXYopenWEP128 and click Modify button to edit the SSID and WEP settings.

c. Go to the General tab of the profile and enter the appropriate SSID (tpXY).

d. Go to the Security tab of the profile that is being used for the lab.

e. Configure the following settings for WEP:

1. Select the WEP setting – Pre-Shared Keys (Static WEP) and click on the Configure... button

2. Select the Key entry method – Hexadecimal

3. Select the WEP key 1

4. Select and enter the Transmit key [same entered in AP of course]

12345678909876543210123456

5. Select the WEP key Size – 128 bits

6. Click the OK button to apply the WEP settings to the client

7. The client should re-associate to the AP once WEP is enabled properly on the AP and the client adapter utility.

f. How many WEP keys can be stored on the Cisco client adapter ? and on the AP?

______

g. What happens if a device receives a packet that is not encrypted with the appropriate key?

______

h.Console to the AP and display the current configuration of the device (WEP128) and notice IOS commands that deal with encryption/wep.

Write the result of the command down here below with your comments

«show run»: interresting lines of the output / Comments

Step 5 Performance Tests

Using the netperf tools, you'll have to evaluate the side effect of using WEP on the effective throughput of your wireless link.

Netperf is a client-server tool: ask the instructor for instructions if you do not remember it from first lab.

1. First, check that you're not too much interferring with other AP's channels
2. Configure your wireless link connection according to following parameters (clear, WEP64, WEP128)
3. Start the netserver on 408px in a command console (netserver -h for help)
4. Start the netperf client on 408py in a command console with 408px as the target host machine (use -H target IP@).
   After few seconds, you'll get the effective throughput to repart in the table.

Throughput (Mbits/s) / Theory / clear / WEP 64 / WEP 128
802.11b
802.11g
802.11a

a. What are you comments concerning the difference between theorcial throughput and effective throughput ?

______

______

______

b. What are you comments concerning the difference between clear, WEP64 and WEP128 throughputs ?

______

______

______

Step 5 Using Airodump and WireShark

Find which is the more secure authentication mode

Note Deactivate and reactivate your wireless card on 408py is a sure way of forcing a new authentication & association process.

a.Go to the Advanced tab of the profile and check if the client can still associate if you modify the 802.11 authentication Mode from Open (default) to Shared (YES/NO) to Auto (YES/NO)

b. According to your experience, what is the more secure authentication method, shared key or open?

______

______

______

c.Now we will start to demonstrate it by starting airodump on 408px, selecting only the channel used by your AP.

Note When you select 0 (all channels) in airodump, the radio will hop among the available channels sequentially which means you will loose frames sent on one channel when your radio is currently listening to anotherone.

d. Repeat several client's associations in Open and then in Shared mode

e. Stop airodump and start Wireshark on the resulting .cap captured file

f. Using the 80211_Pocket_Referecne_Guide.pdf, find the appropriate filter to apply in order to display associations and authentications frames. Write down this filter:

______

______

______

g. Comment the results

______

______

______

______

Decrypt WEP trafic using Wireshark

There are legions of tools to crack a WEP key. Let's assume you cracked the WEP key of a wireless network or you already have it because you belong to it. Sniffing the network with airodump and importing the resulting captured file in Wireshark allows you to fully decryot the trafic if you have the WEP key.

a. Still in Wireshark with previous cap file displayed, select Edit and Preferences

b. Unfold the Protocol and select IEEE 802.11

c. Select Enable decryption and enter the WEP key

Suddenly LLC frames will become clear...

More pratice ?

Open the .cap file located in cap folder.
Guess the WEP 40 bits key (ten digits).

Menu Statistics/VoIPcalls and listen to the voice message.

Step 6 Save configuration and reset AP

If the configuration was saved to flash, save it using tftp32, erase the startup configuration and reload the AP.

apXY#erase startup-config

apXY#reload