In article , David Josty wrote:
:I want to use a Wireless Ethernet Bridge as a kind of "cable-less cable" to
:connect remote areas together.
:What do you think about the security ?
[Note: I have added alt.internet.wireless as it is a very valuable source of information about wireless practices and security.]
What are your risks? How much is an outsider (or insider!) going to desire to crack your security? How narrow can you make the beam, how weak can you make it and get the throughput you want, how much can you insulate to cut down the beam from outside access? If you are thinking of 802.11b or 802.11g then three good common insulators are metal, books, and live tree-leaves (i.e., water cuts WiFi signals by quite a bit.) I see your posting server is in France; if the installation is to be outdoors, I seem to recall that you would have to use 802.11a in France: that has slightly but significantly different signal characteristics.
If you use 64 bit WEP and an intruder can monitor your signal for about 6 hours, they *will* be able to crack your WEP key.
128 bit WEP has basically the same flaw; the standard technical report on the WEP64 flaw says that WEP128 should take only twice as long to crack, but the various field reports I happen to have seen suggest it is closer to 4 times as long. Either way, someone who can monitor your signal for less than a day -can- crack a WEP128 key.
The replacement for WEP is WPA. If you look around, you will find the statement that WPA has been cracked. I looked into that recently, and though I might have missed something, it appeared that what was being referred to was a dictionary attack, sort of similar to "John the Ripper" against standard unix passwords. If your key is not a combination of words findable in some dictionary, then even on a fast machine there would be a long search. I imagine that in time someone will organize a distributed.net type distributed WPA key cracking party just to show it can be done: that implies a fundamental weakness with WPA to the extent that your opponents are likely to be rich, dedicated, and well-organized... so don't go around using the link for billions in electronic funds transfers!
The way to avoid WEP and WPA problems is to have the traffic pass through a good secure VPN encryption (e.g., IPSec with AES-512) so that even if the opponents do manage to break the wireless key, they get left with the much harder task of breaking your VPN.
Consumer-grade wireless ethernet bridges such as the Linksys WET11 support WEP128 but not WPA. You can get wireless ethernet bridges with stronger security, either by using one of the variant firmwares available for some of the 802.11G devices, or by getting a commercial-grade device such as one by Cisco.
If you are seriously considering what is essentially a consumer-grade device then I very much recommend that you examine user reviews of the devices, especially if you are looking at one of the very popular 802.11g devices. I looked around recently, and found that even the top-selling devices are only rated "mediocre" at best: the reviews of even the top-selling devices were, I found, filled with people saying they can't get connections, the connections break, the devices break, the support -really- s*cks, and that they would never *ever* buy the device again :( In that regard, you reduce your risk significantly by separating functions: buy a wireless device that has a good track record of holding the signal, and buy a -separate- security device.
Alternately, go for a commercial-grade device in the first place: even if the list price is 8 times as much, consider the "time is money" factor, and that if you have a business need for this kind of device, then the amount your organization might save by getting through to a *real* technical support organization might be worth many many times the price difference against a consumer company device from a company that is selling at so little markup that they can't afford a support organization that does more than read from a script.
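Added example, not part of the original post: a small passphrase audit for the WPA point above, checking whether a pre-shared passphrase is "a combination of words findable in some dictionary". The key derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds) is the one defined by the 802.11i standard rather than anything stated in the post; the word list, SSID and function names are constructed for illustration.

```python
import hashlib
import secrets
import string

# Constructed sample word list; a real audit would load a large dictionary file.
SAMPLE_WORDS = {"blue", "horse", "paris", "wireless", "bridge", "secret"}

def wpa_psk(passphrase, ssid):
    """256-bit WPA pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def min_words(passphrase, words):
    """Fewest dictionary words that concatenate to the passphrase, or None.

    Case is ignored and leading/trailing digits and punctuation are stripped,
    since appending "1!" to a word adds little to a dictionary search.
    """
    s = passphrase.lower().strip(string.digits + string.punctuation)
    best = [0] + [None] * len(s)      # best[i] = fewest words covering s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(s)] if s else None

def audit(passphrase, words=SAMPLE_WORDS):
    """Report whether a passphrase falls inside the word-combination search space."""
    k = min_words(passphrase, words)
    return {
        "word_combination": k is not None,
        # Upper bound on guesses when every k-word combination is tried.
        "dictionary_guesses": len(words) ** k if k is not None else None,
    }

def random_passphrase(length=20):
    """Passphrase drawn uniformly from 62 symbols, outside any word list."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, but a word-based passphrase still sits inside a search space of only `len(words) ** k` candidates.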