How WEP (Wired Equivalent Privacy) Works

How WEP works?

WEP is one of the most popular encryption method in Wi Fi enviorment and Cisco mentioning this as a reasonably strong encryption method and it works in datalink layer. The main drawback of WEP is use of static keys it will give a chance to intruder to  do trial and error methods to decrypt the message

WEP is using RC4 algorithm to execute the key used for RC4 algorith is having two parts

1. Manually configured key (40 or 104 byte)
2. Randomly generated initialization vector (24 byte)

The data/plain text used for RC4 execution is also two parts

1. Planin text
2. 2. ICV (4 byte) using CRC 32 algorithm ie integrity check value

(WEP key + IV) XOR (Plain text + ICV) = Encrypted data

RC4 algorithm got two phases

1. Key stream generation
2. Encryption

Tx data = Encrypted data + Key ID + IV + FCV  (Key ID and IV in plain text)

We got four options to configure a WEP key the key ID will represent which one out of the four key should be used for the encryption

ICV is the integrity check vector it is to check the integrity of the plain text and it will avoid the chance of replay of the text or modification of data by an attacker. It uses CRC 32 algorithm

Normally IV start from 0 and incremented by 1 in every messages’. In new algorithms IV will start on random numbers and start incrementing as normal. Main use of IV is to avoid collisions coz if we use only wep key if a same data repeats twice the AP will consider new data as a duplicate and drop the packet but in case of IV it will provide randomness for the key we are using

Open WEP

In open WEP the client will send auth request if the SSID is same the auth will be successful then the client will encrypt data with the WEP key configured and AP will decrypt using the same key if the keys are not same neither the the AP nor the client can decrypt messages send each other and the communication fails

Shared WEP

Here before authentication the four way handshake will happen if the keys are not matching the client may not be able to authenticate at all the 4 process follows

1. Authentication request from client
2. AP will send a random generated text to client
3. Client encrypt the the text using WEP key
4. AP check the message and conform the encrypted keys are matching will send the authentication response to the client

Why should I choose Cisco Over Aruba For a Wireless Deployment

After working in WiFi domain for quite sometime I always heard the comparison between Cisco and Aruba but never found a document which clearly says why we should select a particular vendor. I am concluding here whatever I came to know from different sources. I hope this will help you to choose the vendor for your wireless deployment

1. Clean Air

Biggest advantage Cisco has over Aruba is Clean Air. Cisco's clean Air solution is much better compared to Aruba. Interference detection and self healing Cisco scores over Aruba especially after adding MSE to the testbed. Refer the competitive analysis from a third party

http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns1070/Miercom_Report_DR100409D_Cisco_CleanAir_Competitive_for_22Apr10.pdf

2. CCX and client troubleshooting capabilities : 

Next point is Cisco's proprietary CCX certification program which make bring most of client card vendors under an umbrella. In simple words CCX compact able clients are  more intelligent compared to conventional ones (Almost every client available today is CCX compact able). Let us take a quick example CCX client has  the ability to inform the AP about the noise he observe in a particular channel periodically. Based on this input an administrator can change the channel for this to work a customer dont want any costly devices. Most of the CCX implementations are now becoming standard still Cisco always hold the credit to start such an innovation. Another is client troubleshooting, I am still not convinced about how useful this feature is in a customer enviorment or any customer will be ready to experiment the same. Client troubleshooting can provide a user an option to troubleshoot why his client is not able to connect to the network provided you have a CCX Ver5 client with you. Using WCS this feature can be used in a better way.

3. Role based Access - ISE

Identity Service Engine (ISE),Cisco has already talk enough about this wonderful product believe me every single word you heard about this product is worth. I had personally worked on this and it is just amazing. For those who havnt heard about ISE, it is a 4in 1 solution for your ACS, NAC,Profiler and Guest Requirements. Personally I havnt worked on Arubas role based solutions but what I came to know from people who used it is Cisco solution is much better. Traditionally cisco used to categorize user just based on his  username ISE can provide close to another 200 option to categorize a user starts from user timezone to the website he is trying to access.

4. WIPS on client serving APs

Cisco APs has the ability to do the WIPS activities on an AP which is serving clients. WIPS is the ability of an AP to detect different set of wireless attacks from an intruder like DoS attack, deauth flood etc. Earlier Cisco used to have this support for the dedicated APs (Monitor mode) which dont serve client. Effectively this provides you a much better security in a lower cost.

5. Video Streaming

Cisco has a multicast unicast feature for Video streaming, this capability handles multicast video streams as uni cast for certain no of clients. I had personally used this feature and the effect is really visible in the performance. 

6. Cisco Brand

Apart from features as a brand Cisco always manage to make its customers happy. I always felt Cisco is more a customer driven company than a technology driven company. Anyway you have to depend on Cisco for your infrastructure so it make sense to have wireless solutions also from Cisco in the network. Single point of contact for all your solutions. In the department of customer support and documentation Cisco wins the race hands down . There is no vendor in the networking industry who can compete with Cisco in these aspects. The futuristic product line in wireless domain promises that they are very serious about wireless as a technology and they are going to invest enough on this domain. If they can integrate the wireless solutions to their infrastructure devices it can add lot of value to a customer.Another important point is it is easy to get a trained professionals on Cisco compared to any other vendor.

7. No of big customers

Cisco already control 50+ % in the WiFi market share. Most of the big financials in US and Europe trusted Cisco wireless solutions for the deployment. So it always good to deploy something which already used widely in the market than risk using a  new vendor