Now What?

Okay, now that you understand how WEP works and you've seen some of its shortcomings, it's time to take a deep breath and acknowledge that WEP isn't perfect, but it's not the end of the world. First of all, cracking WEP is not a trivial task. It requires a certain degree of skill and tenacity to pull off the attack. In a low traffic environment, you'll also need lots of patience in order to collect the large volume of packets needed to successfully crack the key (or some additional skills to effectively mount a packet injection attack to trick the network into flooding traffic).

The obvious answer to the WEP problem is to extend the IV space and don't reuse IVs. These issues (and more) are addressed in the WPA protocol (see Chapter 5). If your environment doesn't support WPA, use WEP, but don't rely on it exclusively to keep your enterprise secure. At a minimum, change your WEP keys as often as practical and possible.