Why are permanent shared keys undesirable?
Answer: Permanent shared keys are undesirable because in large firms that have many access points sharing the same WEP key, the practical difficulties in changing everyone's key means that shared keys are almost never changed. In addition, because "everybody knows" the key, people share the key freely even when they are told not to. Worst of all, if a company fires a disgruntled employee, it must change the key on every access point for which the employee may know the key. In many cases, changing the key will be prohibitively expensive and will inconvenience many workers.
Learn More :
Corporate Computer Security
- How do wireless IDSs get their data?
- What is the purpose of a wireless IDS?
- How long must passphrases be for adequate security?
- How are PSK/personal keys generated?
- Why is using a shared initial key not dangerous?
- How do users in this mode authenticate themselves to the access point?
- What mode was created for homes or very small businesses with a single access point?
- Despite its security weaknesses, why do many companies continue to use WPA instead of 802.11i?
- What does the Wi-Fi Alliance call 802.11i?
- Compare WPA and 802.11i security.
- What prompted the Wi-Fi Alliance to create WPA?
- Should corporations today use WEP for security today?
- How long may WEP take to crack today?
- What mistake did the 802.11 Working Group make in selecting the length of the IV?
- What per-frame key does a WEP computer or access point use to encrypt when it transmits?
- What encryption algorithm does it use?
- What was the first core wireless security standard?
- Is 802.11i security strong? Explain.
- Distinguish between their options for inner authentication.
- What two extended EAP protocols are popular today?
- What authentication method or methods does outer authentication use?
- For 802.11i, distinguish between outer and inner authentication.
- What standard did the 802.3 Working Group create to extend 802.1X operation to WLANs with security for EAP?
- Why is it impossible to extend 802.1X operation using EAP directly to WLANs?