It's important to note that Rothberg did not mention in his article that WEP has been cracked and that there are tools such as WEPCrack and AirSnort available online to break them. AT&T labs has described a method which will break a WEP key in 15 minutes. Thus, if you have sensitive data, it is very important to use a VPN system overlay to authenticate your users and encrypt your data. In the cases where a VPN is used, the useless WEP is discarded because in larger businesses it's impossible to take the system down to change all the WEP keys. This is because WEP uses the same key for the entire system. His numbers of only 14% of systems secure is very deceiving. To accurately make a measurement of open systems, one must actually have been able to connect to something on the other side of the wireless connection.

For a home user, look for access points that disable SSID broadcasts. The Linksys WAP 11 can do this with a software download from the manufacturer's web site.

Although very useful, be aware that MAC Address filtering cannot be relied upon because there are no standards that require client card manufacturers to have MAC addresses that cannot be altered. It is possible on many client cards to re-program the MAC address to match ones seen over the air with tools like Netstumbler. But most hackers don't know how to do this. It's another layer on the onion.

Another simple thing to do -- password securing all shared drives and resources. If access is gained to the network through the Wired LAN or Wireless LAN, it's important to safeguard your files and printer paper. LAN Jacking does occur, but is not a sensational a topic.

By all means, when 802.11i security becomes available, upgrade the defective WEP in your wireless network to secure the MAC layer.

Konrad Roeder
Consulting Systems Engineer
http://www.springswireless.com