Is WEP the most secure encryption in wireless network secu..

G

Guest

Guest
Archived from groups: (More info?)

In terms of wireless network security, is WEP encryption the
most secure choice?

I am the home user, and have multiple machines connect to
the wireless router inside the house. I worry about the
wireless security and people can hack the machines.

There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
I chose WEP 128 bits but not sure if this is the most
secure choice.

Any other suggestions to make the wireless network more secury?

Please advise. thanks!!
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:

>In terms of wireless network security, is WEP encryption the
>most secure choice?
>
>I am the home user, and have multiple machines connect to
>the wireless router inside the house. I worry about the
>wireless security and people can hack the machines.
>
>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>I chose WEP 128 bits but not sure if this is the most
>secure choice.
>
>Any other suggestions to make the wireless network more secury?
>
>Please advise. thanks!!
>
>
>
WEP is flawed. Anyone with the proper tools and time can break it.

WPA is considered very secure if you use a good passphrase. Either TKIP
or AES (WPA2).
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com writes:

>In terms of wireless network security, is WEP encryption the
>most secure choice?

No, it is not WPA is more secure. WEP is breakable with sufficient captured
traffic.

>I am the home user, and have multiple machines connect to
>the wireless router inside the house. I worry about the
>wireless security and people can hack the machines.

Yes, they can.
Make your essid hidden, so that the outsider has to try to figure out
what your essid is to connect. Then make sure you have some encryption
configured. If you are worried, make sure that the key is changed
periodically.

>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>I chose WEP 128 bits but not sure if this is the most
>secure choice.

>Any other suggestions to make the wireless network more secury?

>Please advise. thanks!!
 
G

Guest

Guest
Archived from groups: (More info?)

Jeffrey Goldberg wrote:
> strutsng@gmail.com wrote:
> > In terms of wireless network security, is WEP encryption the
> > most secure choice?
>
> There is a very serious flaw in WEP which allows it to be cracked fairly
> easily. If you have a choice between WEP and WPA go with WPA.
>

I am using linksys wireless router, and it doesn't support WPA, it has
WEP.
any ideas??
 
G

Guest

Guest
Archived from groups: (More info?)

> Make your essid hidden, so that the outsider has to try to figure out
> what your essid is to connect. Then make sure you have some encryption
> configured. If you are worried, make sure that the key is changed
> periodically.

No point in hiding the SSID if it's intentional intruders that are a
worry, they'll just run Kismet and immediately find it.

Similarly, WEP is equally pointless for deterring intentional intruders.
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:

> In terms of wireless network security, is WEP encryption the
> most secure choice?
>
> I am the home user, and have multiple machines connect to
> the wireless router inside the house. I worry about the
> wireless security and people can hack the machines.
>
> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
> I chose WEP 128 bits but not sure if this is the most
> secure choice.
>
> Any other suggestions to make the wireless network more secury?

WEP will only stop casual intruders. With sufficient data, it can be
broken. WPA is more secure, however you may also want to use a VPN.
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:
> In terms of wireless network security, is WEP encryption the
> most secure choice?

There is a very serious flaw in WEP which allows it to be cracked fairly
easily. If you have a choice between WEP and WPA go with WPA.

> I am the home user, and have multiple machines connect to
> the wireless router inside the house. I worry about the
> wireless security and people can hack the machines.

Thank you. You would be surprised at how many home users are
unconcerned about this sort of thing.

> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
> I chose WEP 128 bits but not sure if this is the most
> secure choice.

If PSK is shorthand for WPA-PSK (which it probably is) than that is the
best choice.

-j
 

Johnny

Distinguished
Mar 15, 2001
216
0
18,680
Archived from groups: (More info?)

On Tue, 27 Sep 2005 13:00:41 -0700, strutsng wrote:

> In terms of wireless network security, is WEP encryption the
> most secure choice?
>
> I am the home user, and have multiple machines connect to
> the wireless router inside the house. I worry about the
> wireless security and people can hack the machines.
>
> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
> I chose WEP 128 bits but not sure if this is the most
> secure choice.
>
> Any other suggestions to make the wireless network more secury?
>
> Please advise. thanks!!

WEP isn't recommended but it's better than no encryption. It would be best
to use WPA or WPA2 encryption instead.
 
G

Guest

Guest
Archived from groups: (More info?)

"James Knott" <james.knott@rogers.com> wrote in message
news:4aKdnUewnua1YaTenZ2dnUVZ_sudnZ2d@rogers.com...
> strutsng@gmail.com wrote:
>
>> In terms of wireless network security, is WEP encryption the
>> most secure choice?
>>
>> I am the home user, and have multiple machines connect to
>> the wireless router inside the house. I worry about the
>> wireless security and people can hack the machines.
>>
>> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>> I chose WEP 128 bits but not sure if this is the most
>> secure choice.
>>
>> Any other suggestions to make the wireless network more secury?
>
> WEP will only stop casual intruders. With sufficient data, it can be
> broken. WPA is more secure, however you may also want to use a VPN.
>

1. Use WPA not WEP
2. Use a password that is at least 20 characters long.
( This will handle the weakness in WPA ... as per the latest
research on WPA :)

or if you're wanting to up the security, you might want
to consider a VPN (with a digital certificate), or
a Radius authentication server (with digital certificates)

Enjoy
Postmaster
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:
>I am using linksys wireless router, and it doesn't support WPA, it has
>WEP.

Either upgrade the firmware so it does support WPA, or replace it with
a more modern one (WRT54G is nice, and around $60) that does support
WPA.
 
G

Guest

Guest
Archived from groups: (More info?)

Jeffrey Goldberg wrote:

> Thank you. You would be surprised at how many home users are
> unconcerned about this sort of thing.

I recently did a scan at a friends home. There were 5 or 6 open WiFi
connections available and only a couple using encryption.
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:

> I am using linksys wireless router, and it doesn't support WPA, it has
> WEP.
> any ideas??

See if there's an update available. My SMC didn't originally support WPA,
but does now.
 
G

Guest

Guest
Archived from groups: (More info?)

I have Linksys Wireless-G USB Kit with SpeedBooster
(http://www.pcsforeveryone.com/product_info.php?products_id=20704),
which contains Linksys WRT54GS v2 router and Linksys WUSB54GS network
adapter.

Does it have WPA support?

WPA is the same as PSK? It has PSK-RADIUS, and RADIUS, which one is
better?

Ok, if someone really hacked my WEP key, then they can get in my
machine and steal things?

Please advise more...
 
G

Guest

Guest
Archived from groups: (More info?)

> I am using linksys wireless router, and it doesn't support WPA, it has
> WEP.
> any ideas??

None, shall we continue to guess *which* Linksys wireless router or are
you going to tell us? :)

David.
 
G

Guest

Guest
Archived from groups: (More info?)

Unruh <unruh-spam@physics.ubc.ca> wrote:
>wep is better than nothing. Remember that an attacker is going to have to
>be located fairly near you ( but the house next door might be fine).

True.

>As I mentioned, hide the essid, make it complicated as well, so that the

Silly.

You *can't* hide the ESSID! You can turn off periodic
broadcasting of the ESSID, but that does *not* hide it. It is,
unencrypted, sent in every packet you transmit. The broadcast
merely makes sure that you do in fact transmit a packet at
short, regular intervals.

The point of doing that is to allow a short "scan" to detect the
presense of a network. The value is that it can be *avoided* if
it will interfere with another network. Hence if you turn off
ESSID broadcasts the likelyhood that a neighbor will fire up his
wifi access point on the same channel as yours, is much greater
than if the ESSID broadcast is enabled.

If the neighbor is interested in cracking your network, the lack
of an ESSID broadcast is *not* going to hide the existance of
the network for longer than it takes you to use it. Which is to
say that as soon as you actually do use it for traffic, your
ESSID is available to the neighbor.

>attacker cannot guess it. Again security by obscurity, but that sometimes

It has *nothing* to do with security, obscure or otherwise.

>works. If on the other hand you have issues that are worth thousands or
>millions of dollars, buy a new wireless router that does support WPA, and
>make sure that your connections are encrypted (ssh, VPN,...)

All of the Linksys routers support WPA. The earlier /firmware/
doesn't though, and either a Linksys upgrade or third party
firmware can be downloaded and applied to add support for WPA.

--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
 
G

Guest

Guest
Archived from groups: (More info?)

Jerry Park <NoReply@No.Spam> wrote in news:pJh_e.656$Qb6.412
@bignews6.bellsouth.net:

> strutsng@gmail.com wrote:
>
>>In terms of wireless network security, is WEP encryption the
>>most secure choice?
>>
>>I am the home user, and have multiple machines connect to
>>the wireless router inside the house. I worry about the
>>wireless security and people can hack the machines.
>>
>>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>>I chose WEP 128 bits but not sure if this is the most
>>secure choice.
>>
>>Any other suggestions to make the wireless network more secury?
>>
>>Please advise. thanks!!
>>
>>
>>
> WEP is flawed. Anyone with the proper tools and time can break it.

Yes and not much time either. Say around two minutes max.

>
> WPA is considered very secure if you use a good passphrase. Either TKIP
> or AES (WPA2).

Much stronger than WEP. Probably fine for most purposes.

Klazmon.


>
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:

> I am using linksys wireless router, and it doesn't support WPA, it has
> WEP.
> any ideas??

Can you post the model number of your linksys? You did say earlier that
among your choices was something called "PSK" (Private Shared Key).
That may be a WPA mode.

-j
 
G

Guest

Guest
Archived from groups: (More info?)

<strutsng@gmail.com> wrote in message
news:1127882106.585473.170040@g44g2000cwa.googlegroups.com...
>
> Jeffrey Goldberg wrote:
>> strutsng@gmail.com wrote:
>> > In terms of wireless network security, is WEP encryption the
>> > most secure choice?
>>
>> There is a very serious flaw in WEP which allows it to be cracked fairly
>> easily. If you have a choice between WEP and WPA go with WPA.
>>
>
> I am using linksys wireless router, and it doesn't support WPA, it has
> WEP.
> any ideas??
>

If you go out to the Linksys web site, you can download
a newer version of the firmware for the box. This will
add WPA.

Other options:
1. Use a VPN (openvpn, poptop)
2. Use a Radius authentication server.
3. Use a different router.
4. Use this router as a front-end to another firewall,
so you'll have WiFi (public, and open, and also
have a secure private LAN).

Enjoy
Postmaster
 
G

Guest

Guest
Archived from groups: (More info?)

Postmaster wrote:
> <strutsng@gmail.com> wrote in message
> news:1127882106.585473.170040@g44g2000cwa.googlegroups.com...
>
>>Jeffrey Goldberg wrote:
>>
>>>strutsng@gmail.com wrote:
>>>
>>>>In terms of wireless network security, is WEP encryption the
>>>>most secure choice?
>>>
>>>There is a very serious flaw in WEP which allows it to be cracked fairly
>>>easily. If you have a choice between WEP and WPA go with WPA.
>>>
>>
>>I am using linksys wireless router, and it doesn't support WPA, it has
>>WEP.
>>any ideas??
>>
>
>
> If you go out to the Linksys web site, you can download
> a newer version of the firmware for the box. This will
> add WPA.
>
> Other options:
> 1. Use a VPN (openvpn, poptop)
> 2. Use a Radius authentication server.
> 3. Use a different router.
> 4. Use this router as a front-end to another firewall,
> so you'll have WiFi (public, and open, and also
> have a secure private LAN).
>
> Enjoy
> Postmaster

There are also three other things to do here, which will provide some
additional layers that someone would have to go through:

1. Properly configure a local firewall on your computers. The router
will provide protection from someone coming in via the hardwired ISP WAN
connection, but will not protect you from someone trying to do
computer-to-computer access via wireless.

2. Disable the ESSID broadcast on the WAP. This disables the ability for
someone to casually identify your WAP passively using common clients.
Also change the ESSID from the default to something that is not
associated with you or your location. The number of my neighbors who
have WAPs in their homes was easy for me to determine, including their
use of ESSID's that reflected their names or addresses or the defaults.
I have spoken to each.

3. Use MAC address filtering on the WAP, which links the WAP connection
to the physical ID's of the wireless NIC's on your computers. It is
possible to spoof MAC addresses, but it is one more thing for someone to
do to get into your network.

The key to security is layers. Do not depend upon a single protection
mechanism.

HTH,

Marc Schwartz
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:
>Linksys WRT54GS v2 router

>Does it have WPA support?

Yes, make sure you have the latest firmware from Linksys for this
router.

>WPA is the same as PSK?

Well, PSK is a subset of WPA. I don't have one set up here right now,
but I've played with them a lot lately. You ought to have an
encryption style, which will be {none,wep,wpa} and upon selecting WPA
you'll get another selection of {psk,radius,etc}, and then upon
selecting PSK you'll get {tkip,aes?}.

You'll want WPA - PSK - TKIP with a non-dictionary passphrase.
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com wrote:
> I have Linksys Wireless-G USB Kit with SpeedBooster
> (http://www.pcsforeveryone.com/product_info.php?products_id=20704),
> which contains Linksys WRT54GS v2 router

> Does it have WPA support?

Yes it does.


> WPA is the same as PSK?

PSK, in this context, is a mode of operation of WPA. In your case, PSK
is the best choice. (For environments in which there is a geeky system
administrator at hand, I would advise RADIUS, but that requires a whole
lot of other stuff to be set up on the network.)

> It has PSK-RADIUS, and RADIUS, which one is
> better?

Use the one that offers PSK.

> Ok, if someone really hacked my WEP key, then they can get in my
> machine and steal things?

Big question. It doesn't have a simple answer, which is why security
issues are hard. If someone gets passed WEP, it means that they've
gotten on to your network. The analogy that I like to use, is imagine
if you had a wired home network and you ran some wires out from your
house into the neighborhood for any to connect to.

The rest depends on the security of any internal firewall you may have
(say between your wireless and wired internal networks) and the security
of the particular hosts on those networks and the communication between
those hosts.

So it is best to secure each machine on the network as best as possible
on its own. Keep in mind that someone who gets onto your private
network can sniff all the network traffic, so you don't want sensitive
information (particularly) passwords traveling around your network
unencrypted. If you have highly sensitive information, you should
consider keeping that encrypted even on the disk. With Linux you can
set up entire encrypted filesystems. (But if you forget the pass
phrase, you're data is truly unrecoverable.)

I'm sorry that there isn't a simple answer. For some purposes it is
"good enough" to be better secured then your neighbors. There is the
old joke of two men camping, and a bear starts threatening them at their
campsite. One man starts to put on running shoes. The other says,
"What are you doing? You can't out-run a bear." The first answers with,
"I don't need to out-run the bear, I just need to out-run you."

On the whole, this "good enough" is a bad approach. But nearly
everything needs to be evaluated on a case by case basis. If you wish
to publicly be more specific about your concerns, it will be much easier
to give specific advice.

-j
 
G

Guest

Guest
Archived from groups: (More info?)

strutsng@gmail.com writes:


>Jeffrey Goldberg wrote:
>> strutsng@gmail.com wrote:
>> > In terms of wireless network security, is WEP encryption the
>> > most secure choice?
>>
>> There is a very serious flaw in WEP which allows it to be cracked fairly
>> easily. If you have a choice between WEP and WPA go with WPA.
>>

>I am using linksys wireless router, and it doesn't support WPA, it has
>WEP.

wep is better than nothing. Remember that an attacker is going to have to
be located fairly near you ( but the house next door might be fine).
As I mentioned, hide the essid, make it complicated as well, so that the
attacker cannot guess it. Again security by obscurity, but that sometimes
works. If on the other hand you have issues that are worth thousands or
millions of dollars, buy a new wireless router that does support WPA, and
make sure that your connections are encrypted (ssh, VPN,...)

>any ideas??
 
G

Guest

Guest
Archived from groups: (More info?)

"Marc Schwartz" <MSchwartz@mn.rr.com> wrote in message
news:fGw_e.75371$32.29810@tornado.rdc-kc.rr.com...
> Postmaster wrote:
>> <strutsng@gmail.com> wrote in message
>> news:1127882106.585473.170040@g44g2000cwa.googlegroups.com...
>>
>>>Jeffrey Goldberg wrote:
>>>
>>>>strutsng@gmail.com wrote:
>>>>
>>>>>In terms of wireless network security, is WEP encryption the
>>>>>most secure choice?
>>>>
>>>>There is a very serious flaw in WEP which allows it to be cracked fairly
>>>>easily. If you have a choice between WEP and WPA go with WPA.
>>>>
>>>
>>>I am using linksys wireless router, and it doesn't support WPA, it has
>>>WEP.
>>>any ideas??
>>>
>>
>>
>> If you go out to the Linksys web site, you can download
>> a newer version of the firmware for the box. This will
>> add WPA.
>>
>> Other options:
>> 1. Use a VPN (openvpn, poptop)
>> 2. Use a Radius authentication server.
>> 3. Use a different router.
>> 4. Use this router as a front-end to another firewall,
>> so you'll have WiFi (public, and open, and also
>> have a secure private LAN).
>>
>> Enjoy
>> Postmaster
>
> There are also three other things to do here, which will provide some
> additional layers that someone would have to go through:
>
> 1. Properly configure a local firewall on your computers. The router
> will provide protection from someone coming in via the hardwired ISP WAN
> connection, but will not protect you from someone trying to do
> computer-to-computer access via wireless.
>
> 2. Disable the ESSID broadcast on the WAP. This disables the ability for
> someone to casually identify your WAP passively using common clients.
> Also change the ESSID from the default to something that is not
> associated with you or your location. The number of my neighbors who
> have WAPs in their homes was easy for me to determine, including their
> use of ESSID's that reflected their names or addresses or the defaults.
> I have spoken to each.
>
> 3. Use MAC address filtering on the WAP, which links the WAP connection
> to the physical ID's of the wireless NIC's on your computers. It is
> possible to spoof MAC addresses, but it is one more thing for someone to
> do to get into your network.
>
> The key to security is layers. Do not depend upon a single protection
> mechanism.
>
> HTH,
>
> Marc Schwartz

Gee guys, we forgot the big-ie...

Change the password on the router to something other
than "admin" :)

-----------------
and of course one might consider hiding in a toxic cloud ...

Get another router with WAP, but hook up that old
beast to a separate computer that is infested with
viruses. Set it to channel 6, NO encryption, ESSID = linksys,
Enable DHCP, Don't connect to the net, just to the
honeypot/infested system, (change the password on the router),
Export plenty of Windows shares with read-only permissions.
( Not drive C )
and every few minutes send a Winpopup type message
to your guests... "Come on in, the water is fine"
And just let the invaders choke in a toxic cloud :)

Then at the same time, on your new router..

1. Enable WAP (Use a 20+ character password)
2. Enable MAC filtering.
3. Change the router management password
4. Disable broadcast of ESSID.
5. Disable WAN ICMP (ping replies)
6. Use a Radius authentication server.
7. Use a VPN. ( IPSEC with certs )
8. Enable router logging.
9. Router's LAN side only goes to the internal firewall
and VPN gateway.

Now your comfortable fort is moderately secure and has a
nifty toxic cloud, for the "casual" invader's entertainment :)

Enjoy,
Postmaster
 
G

Guest

Guest
Archived from groups: (More info?)

> As I mentioned, hide the essid, make it complicated as well, so that the
> attacker cannot guess it. Again security by obscurity, but that sometimes

Any hacker isn't going to guess, they're just going to run kismet for
example and it'll pop right up.

Don't hide the SSID, it just makes it harder to find a free channel and
doesn't add any security.

David.
 

Sander

Distinguished
Apr 2, 2004
45
0
18,530
Archived from groups: (More info?)

Marc Schwartz wrote:

> 1. Properly configure a local firewall on your computers

Good advice.

> 2. Disable the ESSID broadcast on the WAP.

Absolutely useless.
Casually connecting using common clients is already prevented even by
using only WEP.
This will not slow down people that really want to attack your network
at all.

> Also change the ESSID from the default

That's usefull to prevent from accidentally associating with your
neighbours network instead of your own if they buy the same brand access
point.
For security purposes again this is completely useless.

> 3. Use MAC address filtering on the WAP, which links the WAP connection
> to the physical ID's of the wireless NIC's on your computers. It is
> possible to spoof MAC addresses,

MAC address filtering is by far the easiest 'security measure' to
circumvent.

It can be useful to maybe alert an administrator or to log unregistered
MAC adresses that try to associate but that usually doesn't happen in
home situations.

If someone is actually capable of cracking WEP they will not have any
problem at all with any of the other mentioned "security layers" so
don't even bother.

As already mentioned:
Just use WPA, make sure you use a _long_ and _random_ key and don't
worry about the rest except the firewalls because it just doesn't add
anything useful.

Sander