Managing Keys

One of the problems with the 802.11 standard is that it has no good way
of managing keys (Figure 4.4). The administrators who take care of your
wireless network are responsible for several methods of managing keys
with respect to:



Creating keys

Distributing keys among wireless users

Archiving/storing keys so that they don’t fall into the hands of a hacker

Auditing who has what cryptographic keys

Terminating keys that have become compromised

What happens if nobody takes care of these key management issues?
Your wireless network is highly vulnerable to a hacker attack. These
insecurities include:



WEP keys are not unique and can be compromised


Factory default passwords are prominently posted on hacker sites.
This means that no matter which access point you are using, you are
vulnerable if you have left your default administrative password
unchanged since deploying your WLAN.


Bad keys. Never make a key all zeros or all ones for the sake of convenience.
Those types of keys are the first detected by a hacker looking
to see how easy it will be to gain access to your wireless network.


Factory defaults must always be changed as they are the easiest and
simplest ways for a hacker to gain access.

The greatest difficulty is that the problem with managing keys grows
in proportion with the size of your organization and the number of keys
you will need to keep track of your wireless workforce.

To indicate how extensive the task of managing keys actually is, consider
that it is very difficult to scale your organization to change keys
often enough to randomize them sufficiently to protect you against a
hacker attack. In a large environment, you could be dealing with tens of
thousands of keys.
In essence, vigilance and time are required, besides the fact that you
must know how to protect your WLAN through the effective management
of your encryption keys.