Is WEP the most secure encryption in wireless network secu..

Archived from groups: (More info?)

In terms of wireless network security, is WEP encryption the
most secure choice?

I am the home user, and have multiple machines connect to
the wireless router inside the house. I worry about the
wireless security and people can hack the machines.

There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
I chose WEP 128 bits but not sure if this is the most
secure choice.

Any other suggestions to make the wireless network more secury?

Please advise. thanks!!
30 answers Last reply
More about secure encryption wireless network secu
  1. Archived from groups: (More info?)

    strutsng@gmail.com wrote:

    >In terms of wireless network security, is WEP encryption the
    >most secure choice?
    >
    >I am the home user, and have multiple machines connect to
    >the wireless router inside the house. I worry about the
    >wireless security and people can hack the machines.
    >
    >There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    >I chose WEP 128 bits but not sure if this is the most
    >secure choice.
    >
    >Any other suggestions to make the wireless network more secury?
    >
    >Please advise. thanks!!
    >
    >
    >
    WEP is flawed. Anyone with the proper tools and time can break it.

    WPA is considered very secure if you use a good passphrase. Either TKIP
    or AES (WPA2).
  2. Archived from groups: (More info?)

    strutsng@gmail.com writes:

    >In terms of wireless network security, is WEP encryption the
    >most secure choice?

    No, it is not WPA is more secure. WEP is breakable with sufficient captured
    traffic.

    >I am the home user, and have multiple machines connect to
    >the wireless router inside the house. I worry about the
    >wireless security and people can hack the machines.

    Yes, they can.
    Make your essid hidden, so that the outsider has to try to figure out
    what your essid is to connect. Then make sure you have some encryption
    configured. If you are worried, make sure that the key is changed
    periodically.

    >There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    >I chose WEP 128 bits but not sure if this is the most
    >secure choice.

    >Any other suggestions to make the wireless network more secury?

    >Please advise. thanks!!
  3. Archived from groups: (More info?)

    Jeffrey Goldberg wrote:
    > strutsng@gmail.com wrote:
    > > In terms of wireless network security, is WEP encryption the
    > > most secure choice?
    >
    > There is a very serious flaw in WEP which allows it to be cracked fairly
    > easily. If you have a choice between WEP and WPA go with WPA.
    >

    I am using linksys wireless router, and it doesn't support WPA, it has
    WEP.
    any ideas??
  4. Archived from groups: (More info?)

    > Make your essid hidden, so that the outsider has to try to figure out
    > what your essid is to connect. Then make sure you have some encryption
    > configured. If you are worried, make sure that the key is changed
    > periodically.

    No point in hiding the SSID if it's intentional intruders that are a
    worry, they'll just run Kismet and immediately find it.

    Similarly, WEP is equally pointless for deterring intentional intruders.
  5. Archived from groups: (More info?)

    strutsng@gmail.com wrote:

    > In terms of wireless network security, is WEP encryption the
    > most secure choice?
    >
    > I am the home user, and have multiple machines connect to
    > the wireless router inside the house. I worry about the
    > wireless security and people can hack the machines.
    >
    > There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    > I chose WEP 128 bits but not sure if this is the most
    > secure choice.
    >
    > Any other suggestions to make the wireless network more secury?

    WEP will only stop casual intruders. With sufficient data, it can be
    broken. WPA is more secure, however you may also want to use a VPN.
  6. Archived from groups: (More info?)

    strutsng@gmail.com wrote:
    > In terms of wireless network security, is WEP encryption the
    > most secure choice?

    There is a very serious flaw in WEP which allows it to be cracked fairly
    easily. If you have a choice between WEP and WPA go with WPA.

    > I am the home user, and have multiple machines connect to
    > the wireless router inside the house. I worry about the
    > wireless security and people can hack the machines.

    Thank you. You would be surprised at how many home users are
    unconcerned about this sort of thing.

    > There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    > I chose WEP 128 bits but not sure if this is the most
    > secure choice.

    If PSK is shorthand for WPA-PSK (which it probably is) than that is the
    best choice.

    -j
  7. Archived from groups: (More info?)

    On Tue, 27 Sep 2005 13:00:41 -0700, strutsng wrote:

    > In terms of wireless network security, is WEP encryption the
    > most secure choice?
    >
    > I am the home user, and have multiple machines connect to
    > the wireless router inside the house. I worry about the
    > wireless security and people can hack the machines.
    >
    > There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    > I chose WEP 128 bits but not sure if this is the most
    > secure choice.
    >
    > Any other suggestions to make the wireless network more secury?
    >
    > Please advise. thanks!!

    WEP isn't recommended but it's better than no encryption. It would be best
    to use WPA or WPA2 encryption instead.
  8. Archived from groups: (More info?)

    "James Knott" <james.knott@rogers.com> wrote in message
    news:4aKdnUewnua1YaTenZ2dnUVZ_sudnZ2d@rogers.com...
    > strutsng@gmail.com wrote:
    >
    >> In terms of wireless network security, is WEP encryption the
    >> most secure choice?
    >>
    >> I am the home user, and have multiple machines connect to
    >> the wireless router inside the house. I worry about the
    >> wireless security and people can hack the machines.
    >>
    >> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    >> I chose WEP 128 bits but not sure if this is the most
    >> secure choice.
    >>
    >> Any other suggestions to make the wireless network more secury?
    >
    > WEP will only stop casual intruders. With sufficient data, it can be
    > broken. WPA is more secure, however you may also want to use a VPN.
    >

    1. Use WPA not WEP
    2. Use a password that is at least 20 characters long.
    ( This will handle the weakness in WPA ... as per the latest
    research on WPA :-)

    or if you're wanting to up the security, you might want
    to consider a VPN (with a digital certificate), or
    a Radius authentication server (with digital certificates)

    Enjoy
    Postmaster
  9. Archived from groups: (More info?)

    strutsng@gmail.com wrote:
    >I am using linksys wireless router, and it doesn't support WPA, it has
    >WEP.

    Either upgrade the firmware so it does support WPA, or replace it with
    a more modern one (WRT54G is nice, and around $60) that does support
    WPA.
  10. Archived from groups: (More info?)

    Jeffrey Goldberg wrote:

    > Thank you. You would be surprised at how many home users are
    > unconcerned about this sort of thing.

    I recently did a scan at a friends home. There were 5 or 6 open WiFi
    connections available and only a couple using encryption.
  11. Archived from groups: (More info?)

    strutsng@gmail.com wrote:

    > I am using linksys wireless router, and it doesn't support WPA, it has
    > WEP.
    > any ideas??

    See if there's an update available. My SMC didn't originally support WPA,
    but does now.
  12. Archived from groups: (More info?)

    I have Linksys Wireless-G USB Kit with SpeedBooster
    (http://www.pcsforeveryone.com/product_info.php?products_id=20704),
    which contains Linksys WRT54GS v2 router and Linksys WUSB54GS network
    adapter.

    Does it have WPA support?

    WPA is the same as PSK? It has PSK-RADIUS, and RADIUS, which one is
    better?

    Ok, if someone really hacked my WEP key, then they can get in my
    machine and steal things?

    Please advise more...
  13. Archived from groups: (More info?)

    > I am using linksys wireless router, and it doesn't support WPA, it has
    > WEP.
    > any ideas??

    None, shall we continue to guess *which* Linksys wireless router or are
    you going to tell us? :)

    David.
  14. Archived from groups: (More info?)

    Unruh <unruh-spam@physics.ubc.ca> wrote:
    >wep is better than nothing. Remember that an attacker is going to have to
    >be located fairly near you ( but the house next door might be fine).

    True.

    >As I mentioned, hide the essid, make it complicated as well, so that the

    Silly.

    You *can't* hide the ESSID! You can turn off periodic
    broadcasting of the ESSID, but that does *not* hide it. It is,
    unencrypted, sent in every packet you transmit. The broadcast
    merely makes sure that you do in fact transmit a packet at
    short, regular intervals.

    The point of doing that is to allow a short "scan" to detect the
    presense of a network. The value is that it can be *avoided* if
    it will interfere with another network. Hence if you turn off
    ESSID broadcasts the likelyhood that a neighbor will fire up his
    wifi access point on the same channel as yours, is much greater
    than if the ESSID broadcast is enabled.

    If the neighbor is interested in cracking your network, the lack
    of an ESSID broadcast is *not* going to hide the existance of
    the network for longer than it takes you to use it. Which is to
    say that as soon as you actually do use it for traffic, your
    ESSID is available to the neighbor.

    >attacker cannot guess it. Again security by obscurity, but that sometimes

    It has *nothing* to do with security, obscure or otherwise.

    >works. If on the other hand you have issues that are worth thousands or
    >millions of dollars, buy a new wireless router that does support WPA, and
    >make sure that your connections are encrypted (ssh, VPN,...)

    All of the Linksys routers support WPA. The earlier /firmware/
    doesn't though, and either a Linksys upgrade or third party
    firmware can be downloaded and applied to add support for WPA.

    --
    Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
    Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
  15. Archived from groups: (More info?)

    Jerry Park <NoReply@No.Spam> wrote in news:pJh_e.656$Qb6.412
    @bignews6.bellsouth.net:

    > strutsng@gmail.com wrote:
    >
    >>In terms of wireless network security, is WEP encryption the
    >>most secure choice?
    >>
    >>I am the home user, and have multiple machines connect to
    >>the wireless router inside the house. I worry about the
    >>wireless security and people can hack the machines.
    >>
    >>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
    >>I chose WEP 128 bits but not sure if this is the most
    >>secure choice.
    >>
    >>Any other suggestions to make the wireless network more secury?
    >>
    >>Please advise. thanks!!
    >>
    >>
    >>
    > WEP is flawed. Anyone with the proper tools and time can break it.

    Yes and not much time either. Say around two minutes max.

    >
    > WPA is considered very secure if you use a good passphrase. Either TKIP
    > or AES (WPA2).

    Much stronger than WEP. Probably fine for most purposes.

    Klazmon.


    >
  16. Archived from groups: (More info?)

    strutsng@gmail.com wrote:

    > I am using linksys wireless router, and it doesn't support WPA, it has
    > WEP.
    > any ideas??

    Can you post the model number of your linksys? You did say earlier that
    among your choices was something called "PSK" (Private Shared Key).
    That may be a WPA mode.

    -j
  17. Archived from groups: (More info?)

    <strutsng@gmail.com> wrote in message
    news:1127882106.585473.170040@g44g2000cwa.googlegroups.com...
    >
    > Jeffrey Goldberg wrote:
    >> strutsng@gmail.com wrote:
    >> > In terms of wireless network security, is WEP encryption the
    >> > most secure choice?
    >>
    >> There is a very serious flaw in WEP which allows it to be cracked fairly
    >> easily. If you have a choice between WEP and WPA go with WPA.
    >>
    >
    > I am using linksys wireless router, and it doesn't support WPA, it has
    > WEP.
    > any ideas??
    >

    If you go out to the Linksys web site, you can download
    a newer version of the firmware for the box. This will
    add WPA.

    Other options:
    1. Use a VPN (openvpn, poptop)
    2. Use a Radius authentication server.
    3. Use a different router.
    4. Use this router as a front-end to another firewall,
    so you'll have WiFi (public, and open, and also
    have a secure private LAN).

    Enjoy
    Postmaster
  18. Archived from groups: (More info?)

    Postmaster wrote:
    > <strutsng@gmail.com> wrote in message
    > news:1127882106.585473.170040@g44g2000cwa.googlegroups.com...
    >
    >>Jeffrey Goldberg wrote:
    >>
    >>>strutsng@gmail.com wrote:
    >>>
    >>>>In terms of wireless network security, is WEP encryption the
    >>>>most secure choice?
    >>>
    >>>There is a very serious flaw in WEP which allows it to be cracked fairly
    >>>easily. If you have a choice between WEP and WPA go with WPA.
    >>>
    >>
    >>I am using linksys wireless router, and it doesn't support WPA, it has
    >>WEP.
    >>any ideas??
    >>
    >
    >
    > If you go out to the Linksys web site, you can download
    > a newer version of the firmware for the box. This will
    > add WPA.
    >
    > Other options:
    > 1. Use a VPN (openvpn, poptop)
    > 2. Use a Radius authentication server.
    > 3. Use a different router.
    > 4. Use this router as a front-end to another firewall,
    > so you'll have WiFi (public, and open, and also
    > have a secure private LAN).
    >
    > Enjoy
    > Postmaster

    There are also three other things to do here, which will provide some
    additional layers that someone would have to go through:

    1. Properly configure a local firewall on your computers. The router
    will provide protection from someone coming in via the hardwired ISP WAN
    connection, but will not protect you from someone trying to do
    computer-to-computer access via wireless.

    2. Disable the ESSID broadcast on the WAP. This disables the ability for
    someone to casually identify your WAP passively using common clients.
    Also change the ESSID from the default to something that is not
    associated with you or your location. The number of my neighbors who
    have WAPs in their homes was easy for me to determine, including their
    use of ESSID's that reflected their names or addresses or the defaults.
    I have spoken to each.

    3. Use MAC address filtering on the WAP, which links the WAP connection
    to the physical ID's of the wireless NIC's on your computers. It is
    possible to spoof MAC addresses, but it is one more thing for someone to
    do to get into your network.

    The key to security is layers. Do not depend upon a single protection
    mechanism.

    HTH,

    Marc Schwartz
  19. Archived from groups: (More info?)

    strutsng@gmail.com wrote:
    >Linksys WRT54GS v2 router

    >Does it have WPA support?

    Yes, make sure you have the latest firmware from Linksys for this
    router.

    >WPA is the same as PSK?

    Well, PSK is a subset of WPA. I don't have one set up here right now,
    but I've played with them a lot lately. You ought to have an
    encryption style, which will be {none,wep,wpa} and upon selecting WPA
    you'll get another selection of {psk,radius,etc}, and then upon
    selecting PSK you'll get {tkip,aes?}.

    You'll want WPA - PSK - TKIP with a non-dictionary passphrase.
  20. Archived from groups: (More info?)

    strutsng@gmail.com wrote:
    > I have Linksys Wireless-G USB Kit with SpeedBooster
    > (http://www.pcsforeveryone.com/product_info.php?products_id=20704),
    > which contains Linksys WRT54GS v2 router

    > Does it have WPA support?

    Yes it does.


    > WPA is the same as PSK?

    PSK, in this context, is a mode of operation of WPA. In your case, PSK
    is the best choice. (For environments in which there is a geeky system
    administrator at hand, I would advise RADIUS, but that requires a whole
    lot of other stuff to be set up on the network.)

    > It has PSK-RADIUS, and RADIUS, which one is
    > better?

    Use the one that offers PSK.

    > Ok, if someone really hacked my WEP key, then they can get in my
    > machine and steal things?

    Big question. It doesn't have a simple answer, which is why security
    issues are hard. If someone gets passed WEP, it means that they've
    gotten on to your network. The analogy that I like to use, is imagine
    if you had a wired home network and you ran some wires out from your
    house into the neighborhood for any to connect to.

    The rest depends on the security of any internal firewall you may have
    (say between your wireless and wired internal networks) and the security
    of the particular hosts on those networks and the communication between
    those hosts.

    So it is best to secure each machine on the network as best as possible
    on its own. Keep in mind that someone who gets onto your private
    network can sniff all the network traffic, so you don't want sensitive
    information (particularly) passwords traveling around your network
    unencrypted. If you have highly sensitive information, you should
    consider keeping that encrypted even on the disk. With Linux you can
    set up entire encrypted filesystems. (But if you forget the pass
    phrase, you're data is truly unrecoverable.)

    I'm sorry that there isn't a simple answer. For some purposes it is
    "good enough" to be better secured then your neighbors. There is the
    old joke of two men camping, and a bear starts threatening them at their
    campsite. One man starts to put on running shoes. The other says,
    "What are you doing? You can't out-run a bear." The first answers with,
    "I don't need to out-run the bear, I just need to out-run you."

    On the whole, this "good enough" is a bad approach. But nearly
    everything needs to be evaluated on a case by case basis. If you wish
    to publicly be more specific about your concerns, it will be much easier
    to give specific advice.

    -j
  21. Archived from groups: (More info?)

    strutsng@gmail.com writes:


    >Jeffrey Goldberg wrote:
    >> strutsng@gmail.com wrote:
    >> > In terms of wireless network security, is WEP encryption the
    >> > most secure choice?
    >>
    >> There is a very serious flaw in WEP which allows it to be cracked fairly
    >> easily. If you have a choice between WEP and WPA go with WPA.
    >>

    >I am using linksys wireless router, and it doesn't support WPA, it has
    >WEP.

    wep is better than nothing. Remember that an attacker is going to have to
    be located fairly near you ( but the house next door might be fine).
    As I mentioned, hide the essid, make it complicated as well, so that the
    attacker cannot guess it. Again security by obscurity, but that sometimes
    works. If on the other hand you have issues that are worth thousands or
    millions of dollars, buy a new wireless router that does support WPA, and
    make sure that your connections are encrypted (ssh, VPN,...)

    >any ideas??
  22. Archived from groups: (More info?)

    "Marc Schwartz" <MSchwartz@mn.rr.com> wrote in message
    news:fGw_e.75371$32.29810@tornado.rdc-kc.rr.com...
    > Postmaster wrote:
    >> <strutsng@gmail.com> wrote in message
    >> news:1127882106.585473.170040@g44g2000cwa.googlegroups.com...
    >>
    >>>Jeffrey Goldberg wrote:
    >>>
    >>>>strutsng@gmail.com wrote:
    >>>>
    >>>>>In terms of wireless network security, is WEP encryption the
    >>>>>most secure choice?
    >>>>
    >>>>There is a very serious flaw in WEP which allows it to be cracked fairly
    >>>>easily. If you have a choice between WEP and WPA go with WPA.
    >>>>
    >>>
    >>>I am using linksys wireless router, and it doesn't support WPA, it has
    >>>WEP.
    >>>any ideas??
    >>>
    >>
    >>
    >> If you go out to the Linksys web site, you can download
    >> a newer version of the firmware for the box. This will
    >> add WPA.
    >>
    >> Other options:
    >> 1. Use a VPN (openvpn, poptop)
    >> 2. Use a Radius authentication server.
    >> 3. Use a different router.
    >> 4. Use this router as a front-end to another firewall,
    >> so you'll have WiFi (public, and open, and also
    >> have a secure private LAN).
    >>
    >> Enjoy
    >> Postmaster
    >
    > There are also three other things to do here, which will provide some
    > additional layers that someone would have to go through:
    >
    > 1. Properly configure a local firewall on your computers. The router
    > will provide protection from someone coming in via the hardwired ISP WAN
    > connection, but will not protect you from someone trying to do
    > computer-to-computer access via wireless.
    >
    > 2. Disable the ESSID broadcast on the WAP. This disables the ability for
    > someone to casually identify your WAP passively using common clients.
    > Also change the ESSID from the default to something that is not
    > associated with you or your location. The number of my neighbors who
    > have WAPs in their homes was easy for me to determine, including their
    > use of ESSID's that reflected their names or addresses or the defaults.
    > I have spoken to each.
    >
    > 3. Use MAC address filtering on the WAP, which links the WAP connection
    > to the physical ID's of the wireless NIC's on your computers. It is
    > possible to spoof MAC addresses, but it is one more thing for someone to
    > do to get into your network.
    >
    > The key to security is layers. Do not depend upon a single protection
    > mechanism.
    >
    > HTH,
    >
    > Marc Schwartz

    Gee guys, we forgot the big-ie...

    Change the password on the router to something other
    than "admin" :-)

    -----------------
    and of course one might consider hiding in a toxic cloud ...

    Get another router with WAP, but hook up that old
    beast to a separate computer that is infested with
    viruses. Set it to channel 6, NO encryption, ESSID = linksys,
    Enable DHCP, Don't connect to the net, just to the
    honeypot/infested system, (change the password on the router),
    Export plenty of Windows shares with read-only permissions.
    ( Not drive C )
    and every few minutes send a Winpopup type message
    to your guests... "Come on in, the water is fine"
    And just let the invaders choke in a toxic cloud :-)

    Then at the same time, on your new router..

    1. Enable WAP (Use a 20+ character password)
    2. Enable MAC filtering.
    3. Change the router management password
    4. Disable broadcast of ESSID.
    5. Disable WAN ICMP (ping replies)
    6. Use a Radius authentication server.
    7. Use a VPN. ( IPSEC with certs )
    8. Enable router logging.
    9. Router's LAN side only goes to the internal firewall
    and VPN gateway.

    Now your comfortable fort is moderately secure and has a
    nifty toxic cloud, for the "casual" invader's entertainment :-)

    Enjoy,
    Postmaster
  23. Archived from groups: (More info?)

    > As I mentioned, hide the essid, make it complicated as well, so that the
    > attacker cannot guess it. Again security by obscurity, but that sometimes

    Any hacker isn't going to guess, they're just going to run kismet for
    example and it'll pop right up.

    Don't hide the SSID, it just makes it harder to find a free channel and
    doesn't add any security.

    David.
  24. Archived from groups: (More info?)

    Marc Schwartz wrote:

    > 1. Properly configure a local firewall on your computers

    Good advice.

    > 2. Disable the ESSID broadcast on the WAP.

    Absolutely useless.
    Casually connecting using common clients is already prevented even by
    using only WEP.
    This will not slow down people that really want to attack your network
    at all.

    > Also change the ESSID from the default

    That's usefull to prevent from accidentally associating with your
    neighbours network instead of your own if they buy the same brand access
    point.
    For security purposes again this is completely useless.

    > 3. Use MAC address filtering on the WAP, which links the WAP connection
    > to the physical ID's of the wireless NIC's on your computers. It is
    > possible to spoof MAC addresses,

    MAC address filtering is by far the easiest 'security measure' to
    circumvent.

    It can be useful to maybe alert an administrator or to log unregistered
    MAC adresses that try to associate but that usually doesn't happen in
    home situations.

    If someone is actually capable of cracking WEP they will not have any
    problem at all with any of the other mentioned "security layers" so
    don't even bother.

    As already mentioned:
    Just use WPA, make sure you use a _long_ and _random_ key and don't
    worry about the rest except the firewalls because it just doesn't add
    anything useful.

    Sander
  25. Archived from groups: (More info?)

    "Jeffrey Goldberg" <nobody@goldmark.org> wrote in message
    news:11jli7qvg7640d@news.supernews.com...
    > strutsng@gmail.com wrote:
    >
    >> I am using linksys wireless router, and it doesn't support WPA, it has
    >> WEP.
    >> any ideas??
    >
    > Can you post the model number of your linksys? You did say earlier that
    > among your choices was something called "PSK" (Private Shared Key). That
    > may be a WPA mode.
    >
    > -j
    >

    Step 1. Security mode -> WPA Preshared key
    Step 2 WPA Algorithm -> TKIP (Temporal Key Integrity Protocol)

    It's the temporal key exchanges that add the additional
    security of WPA. A key, is only a key for a short
    period of time, then the keys change. Thus making
    a sniff and capture much less interesting.

    Enjoy
    Postmaster.
  26. Archived from groups: (More info?)

    On Wed, 28 Sep 2005 15:40:03 GMT, "Postmaster" <postmaster@127.0.0.1>
    wrote:

    > -----------------
    > and of course one might consider hiding in a toxic cloud ...
    >
    > ...... <snip>
    >
    > Now your comfortable fort is moderately secure and has a
    > nifty toxic cloud, for the "casual" invader's entertainment :-)

    The US is just crazy enough that an intruder who choked on your toxic
    cloud would be able to sue you for setting a trap. I kid you not.
    Unfortunately.

    mike
  27. Archived from groups: (More info?)

    I want to make the wireless network at home becomes more secure, then I
    should make sure all connections are encrypted?

    I should setup VPN host or SSH at home, so that all machines are inside
    the VPN network? Does PC Anywhere work?


    please advise ...
  28. Archived from groups: (More info?)

    strutsng@gmail.com writes:

    >I have Linksys Wireless-G USB Kit with SpeedBooster
    >(http://www.pcsforeveryone.com/product_info.php?products_id=20704),
    >which contains Linksys WRT54GS v2 router and Linksys WUSB54GS network
    >adapter.

    >Does it have WPA support?

    >WPA is the same as PSK? It has PSK-RADIUS, and RADIUS, which one is
    >better?

    >Ok, if someone really hacked my WEP key, then they can get in my
    >machine and steal things?

    No. They can get onto your network. Linux machines need to be logged into.
    Ie there is yet another layer of protections-- your password to log onto
    your system. Now, if you make a habit of not using ssh to log from one
    machine to the other on your network, then they could monitor your network
    to find your password and then log onto your system and steal stuff.
    On the other hand if you do not do such things, then they will somehow need
    to get your password first before they can get into your machine.


    >Please advise more...
  29. Archived from groups: (More info?)

    floyd@apaflo.com (Floyd L. Davidson) writes:

    >Unruh <unruh-spam@physics.ubc.ca> wrote:
    >>wep is better than nothing. Remember that an attacker is going to have to
    >>be located fairly near you ( but the house next door might be fine).

    >True.

    >>As I mentioned, hide the essid, make it complicated as well, so that the

    >Silly.

    >You *can't* hide the ESSID! You can turn off periodic
    >broadcasting of the ESSID, but that does *not* hide it. It is,
    >unencrypted, sent in every packet you transmit. The broadcast
    >merely makes sure that you do in fact transmit a packet at
    >short, regular intervals.

    >The point of doing that is to allow a short "scan" to detect the
    >presense of a network. The value is that it can be *avoided* if
    >it will interfere with another network. Hence if you turn off
    >ESSID broadcasts the likelyhood that a neighbor will fire up his
    >wifi access point on the same channel as yours, is much greater
    >than if the ESSID broadcast is enabled.

    >If the neighbor is interested in cracking your network, the lack
    >of an ESSID broadcast is *not* going to hide the existance of
    >the network for longer than it takes you to use it. Which is to
    >say that as soon as you actually do use it for traffic, your
    >ESSID is available to the neighbor.

    >>attacker cannot guess it. Again security by obscurity, but that sometimes

    >It has *nothing* to do with security, obscure or otherwise.

    >>works. If on the other hand you have issues that are worth thousands or
    >>millions of dollars, buy a new wireless router that does support WPA, and
    >>make sure that your connections are encrypted (ssh, VPN,...)

    >All of the Linksys routers support WPA. The earlier /firmware/
    >doesn't though, and either a Linksys upgrade or third party
    >firmware can be downloaded and applied to add support for WPA.


    Thanks for the lesson. One of the wonderful features of netnews is that
    your own mistakes get rapidly corrected.
  30. Archived from groups: (More info?)

    jrefactors@hotmail.com wrote:

    > I want to make the wireless network at home becomes more secure, then I
    > should make sure all connections are encrypted?
    >
    > I should setup VPN host or SSH at home, so that all machines are inside
    > the VPN network? Does PC Anywhere work?

    Set up a VPN. There are several to chose from. Windows includes PPTP and
    others are available. I use OpenVPN, which comes with Linux and is also
    available for Windows.
Ask a new question

Read More

Configuration Encryption Wireless Network WEP Security Wireless Networking