A security administrator discovered that all communication over the company’s encrypted wireless
network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in
an attempt to steal other employee’s credentials. Which of the following technology is MOST likely in use
on the company’s wireless?

A.
WPA with TKIP

B.
VPN over open wireless

C.
WEP128-PSK

D.
WPA2-Enterprise

Explanation:
WEP’s major weakness is its use of static encryption keys. When you set up a router with a WEP
encryption key, that one key is used by every device on your network to encrypt every packet that’s
transmitted. But the fact that packets are encrypted doesn’t prevent them from being intercepted, and
due to some esoteric technical flaws it’s entirely possible for an eavesdropper to intercept enough WEPencrypted packets to eventually deduce what the key is.
This problem used to be something you could mitigate by periodically changing the WEP key (which is
why routers generally allow you to store up to four keys). But few bother to do this because changing
WEP keys is inconvenient and time-consuming because it has to be done not just on the router, but on
every device that connects to it. As a result, most people just set up a single key and then continue using
it ad infinitum.
Even worse, for those that do change the WEP key, new research and developments reinforce how even
changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of ‘cracking’ a WEP
key used to require that a malicious hacker intercept millions of packets plus spend a fair amount of time
and computing power. Researchers in the computer science department of a German university recently
demonstrated the capability to compromise a WEP-protected network very quickly. After spending less
than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP
key in just three seconds.
Incorrect Answers:
B: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium.
WiFi compliance ensures interoperability between different manufacturer’s wireless equipment. WPA is a
much improved encryption standard that delivers a level of security beyond anything that WEP can offer.
It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol
(TKIP), which is designed to allow WEP to be upgraded through corrective measures that address the
existing security problems. WPA is able to achieve over 500 trillion possible key combinations and rekeying of global encryption keys is required. The encryption key is changed after every frame using TKIP.
This allows key changes to occur on a frame by frame basis and to be automatically synchronizedbetween the access point and the wireless client. The TKIP encryption algorithm is stronger than the one
used by WEP. WPA is compatible with many older access points and network cards.
WPA with TKIP is considered more secure than WEP.
C: It’s very unlikely that each computer connected to the wireless access point is configured to use a VPN
connection. Furthermore, VPN connections are secure.
D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access
control. It provides WiFi users with a higher level of assurance that only authorized users can access their
wireless networks. WPA2 is based on the IEEE 802.11i standard and provides government grade security.
802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless
LANs. It defines new encryption key protocols including the Temporal Key Integrity Protocol (TKIP) and
Advanced Encryption Standard (AES).
There are two versions of WPA2:
WPA2 Personal and WPA2 Enterprise. WPA2 Personal protects unauthorized network access by utilizing a
setup password. WPA2 Enterprise verifies network users through a server.
WPA2 is much more secure than WEP.

http://www.webopedia.com/DidYouKnow/Computer_Science/WEP_WPA_wireless_security.asp
http://www.onlinecomputertips.com/networking/wep_wpa.html