-6

If I am implementing WEP into my office infrastructure, which application should I be less concerned about?

  • File Share Traffic
  • Printer Traffic
  • Exchange Mail Server Traffic
  • SSL Traffic

Answer would be appreciated with appropriate reasoning.

Note: I came across this question from a cryptography trivia. By posting this question, I don't really plan on implementing WEP.

Ray
  • 11
  • 1
  • 1
    Implementing how? Setting up WEP Wifi? That is always a bad idea. – BadSkillz Aug 06 '15 at 07:37
  • 6
    Why would you even do WEP? What is this, 1998? And what on earth does this question mean? – Gilles 'SO- stop being evil' Aug 06 '15 at 07:37
  • Nobody on earth would want to use WEP now a days knowing the fact that the key could easily be broken within 60 seconds. It's a question from Cryptography Trivia Quiz and I believe it should be SSL traffic. Even, if an attacker succeeds to compromise the WEP network, SSL encrypted traffic will not be readable. – Ray Aug 06 '15 at 07:49
  • @Ray : Why don't you use WPA ? If an attacker has access to your network at L2 layer, multiple attacks can be launched, from ARP poisoning to rogue DHCP, etc... If everybody is telling not to use WEP, there is a reason ! – r00t Aug 06 '15 at 08:38

1 Answers1

5

The answer is that you should not be implementing WEP into an office or any other environment. WEP is deprecated as it has serious security issues. Instead I would recommend using something like WPA2-PSK or for larger environments 802.1x authentication with PEAP or similar.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
  • Please not WPA. WPA uses RC4 and is also somewhat "easy" to break. WPA2 should be the protocol of choice. – SEJPM Aug 06 '15 at 07:46
  • fair point I'll edit to make that point clear, I was really just trying to get across that WEP is a bad idea. – Rory McCune Aug 06 '15 at 07:51
  • It's a question from Cryptography Trivia Quiz and I believe it should be SSL traffic. Even, if an attacker succeeds to compromise the WEP network, SSL encrypted traffic will not be readable. What's your opinion? – Ray Aug 06 '15 at 07:52
  • 2
    @Ray ahh I see, you should probably mention that in the question, people might think you were actually serious about deploying WEP! yeah of those assuming that it's a single answer multi-choice, I'd say that SSL traffic which (if done correctly) implements server authentication and protection for data in transit would be the one you would worry about least. – Rory McCune Aug 06 '15 at 07:57
  • @SEJPM AES is an option with WPA. Might not be default – Natanael Aug 09 '15 at 10:38