WEP 64

About this task

WEP (Wired Equivalent Privacy) is a security protocol specified in the IEEE Wi-Fi (Wireless Fidelity) standard. WEP is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN.

WEP can be used with open, shared, MAC and 802.1 X EAP authentications. WEP is optimal for WLANs supporting legacy deployments when also used with 802.1X EAP authentication to provide user and device authentication and dynamic WEP key derivation and periodic key rotation. 802.1X provides authentication for devices and also reduces the risk of a single WEP key being deciphered. If 802.1X support is not available on the legacy device, MAC authentication should be enabled to provide device level authentication.

WEP 64 uses a 40-bit key concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key. WEP 64 is a less robust encryption scheme than WEP 128 (containing a shorter WEP algorithm for a hacker to potentially duplicate), but networks that require more security are at risk from a WEP flaw. WEP is only recommended when clients are incapable of using more robust forms of security. The existing 802.11 standard alone offers administrators no effective method to update keys.

To configure WEP 64 encryption on a WLAN:

Procedure

  1. Select Configuration → Wireless → Wireless LAN Policy to display available WLANs.
  2. Click Add to create an additional WLAN, or select an existing WLAN and click Edit to modify its security properties.
  3. Select Security.
  4. Select the WEP 64 check box from within the Select Encryption field.
    The screen populates with the parameters required to define a WEP 64 configuration for the new or existing WLAN.
    Click to expand in new window
    WLAN Security - WEP 64 Screen
  5. Configure the following WEP 64 settings:
    Generate Keys

    Specify a 4- to 32-character pass key and click Generate. The pass key can be any alphanumeric string. Wireless devices and their connected clients use the algorithm to convert an ASCII string to the same hexadecimal number. Clients without adapters need to use WEP keys manually configured as hexadecimal numbers.

    Keys 1-4 Use the Key #1-4 fields to specify key numbers. For WEP 64 (40-bit key), the keys are 10 hexadecimal characters in length. Select one of these keys for default activation by clicking its radio button. Selecting Show displays a key in exposed plain text.
    Restore Default WEP Keys Select this button to restore the WEP algorithm to its default settings.
    Default WEP 64 keys are as follows:
    • Key 1 1011121314
    • Key 2 2021222324
    • Key 3 3031323334
    • Key 4 4041424344
  6. Select OK when completed to update the WLAN's WEP 64 encryption configuration.

    Select Reset to revert to the last saved configuration.

What to do next

Before defining a WEP 64 supported configuration on a WLAN, refer to the following deployment guidelines to ensure the configuration is optimally effective:
  • Additional layers of security (beyond WEP) should be enabled to minimize the likelihood of data loss and security breaches. WEP enabled WLANs should be mapped to an isolated VLAN with firewall policies restricting access to hosts and suspicious network applications.
  • WEP enabled WLANs should be permitted access only to resources required by legacy devices.
  • If WEP support is needed for WLAN legacy device support, 802.1X EAP authentication should also be configured in order for the WLAN to provide authentication and dynamic key derivation and rotation.