How can you mitigate threats in WLANS when static WEP keys are used?
A.
Provide different keys to the client and the access point
B.
Assign matching keys to the client and the access point
C.
Use SSID to provide security
D.
Use standard 802.11 WEP keys, which are very secure
Explanation:
content\166040\plo_content\ORG1114\COURSE166040\enus_011425\lsn_07\tpc_b\enus_011425_07b.xml
Open authentication is vulnerable to all of the known WEP attacks once a client is authenticated. Open authentication allows a client to associate and authenticate to an AP with or without a correct WEP key so long as the SSID is matching. However, data can not be encrypted and decrypted without matching WEP keys.
seems like C is definitely the best answer based on the available options, however hiding SSID (e.g. non-broadcast) can actually be less secure.
e.g.: http://lifehacker.com/5636856/is-hiding-your-wireless-ssid-really-more-secure
Copied from FAQ on Cisco Aironet Wireless Security:
“If I disable SSID broadcast, can I achieve enhanced security on a WLAN network?
A. When you disable SSID broadcast, SSID is not sent in Beacon messages. However, other frames such as, Probe Requests and Probe Responses still have the SSID in clear text. So you do not achieve enhanced Wireless security if you disable the SSID. The SSID is not designed, nor intended for use, as a security mechanism. In addition, if you disable SSID broadcasts, you can encounter problems with Wi-Fi interoperability for mixed-client deployments. Therefore, Cisco does not recommend that you use the SSID as a mode of security.
“
I’m quoting Cisco from PEC:
“The SSID should not be considered a security feature on any Cisco AP product!”
chapter Explaining Wireless Concepts
subchapter Mitigating Threats in WLANs
If we check the answers, they all are crap, but using SSID for Security is just not going to make it.
the correct answer should, when you using static wep keys rotate the keys as often as possible.
in WEP both keys and slots on the client and AP should match, so taking this into consideration i would pick answer B.
Here is another quote from the PEC training that explains it a bit more:
“Open authentication allows a client to associate and authenticate to an AP with or without a correct WEP key so long as the SSID is matching. However, data can not be encrypted and decrypted without matching WEP keys.