Is WEP the most secure encryption in wireless network security?

Yes it does.

PSK, in this context, is a mode of operation of WPA. In your case, PSK is the best choice. (For environments in which there is a geeky system administrator at hand, I would advise RADIUS, but that requires a whole lot of other stuff to be set up on the network.)

Use the one that offers PSK.

Big question. It doesn't have a simple answer, which is why security issues are hard. If someone gets past WEP, it means that they've gotten on to your network. The analogy that I like to use is: imagine if you had a wired home network and you ran some wires out from your house into the neighborhood for anyone to connect to.

The rest depends on the security of any internal firewall you may have (say between your wireless and wired internal networks) and the security of the particular hosts on those networks and the communication between those hosts.

So it is best to secure each machine on the network as best as possible on its own. Keep in mind that someone who gets onto your private network can sniff all the network traffic, so you don't want sensitive information (particularly passwords) traveling around your network unencrypted. If you have highly sensitive information, you should consider keeping that encrypted even on the disk. With Linux you can set up entire encrypted filesystems. (But if you forget the pass phrase, your data is truly unrecoverable.)

I'm sorry that there isn't a simple answer. For some purposes it is "good enough" to be better secured than your neighbors. There is the old joke of two men camping, and a bear starts threatening them at their campsite. One man starts to put on running shoes. The other says, "What are you doing? You can't out-run a bear." The first answers with, "I don't need to out-run the bear, I just need to out-run you."

On the whole, this "good enough" is a bad approach. But nearly everything needs to be evaluated on a case by case basis. If you wish to publicly be more specific about your concerns, it will be much easier to give specific advice.

-j

Jeffrey Goldberg

WEP is better than nothing. Remember that an attacker is going to have to be located fairly near you (but the house next door might be fine). As I mentioned, hide the ESSID, make it complicated as well, so that the attacker cannot guess it. Again security by obscurity, but that sometimes works. If on the other hand you have issues that are worth thousands or millions of dollars, buy a new wireless router that does support WPA, and make sure that your connections are encrypted (ssh, VPN, ...)

Unruh

Gee guys, we forgot the big-ie...

Change the password on the router to something other than "admin" :-)

----------------- and of course one might consider hiding in a toxic cloud ...

Get another router with WPA, but hook up that old beast to a separate computer that is infested with viruses. Set it to channel 6, NO encryption, ESSID = linksys, Enable DHCP, Don't connect to the net, just to the honeypot/infested system, (change the password on the router), Export plenty of Windows shares with read-only permissions (not drive C), and every few minutes send a Winpopup type message to your guests... "Come on in, the water is fine" And just let the invaders choke in a toxic cloud :-)

Then at the same time, on your new router..

  1. Enable WPA (Use a 20+ character password)
  2. Enable MAC filtering.
  3. Change the router management password
  4. Disable broadcast of ESSID.
  5. Disable WAN ICMP (ping replies)
  6. Use a RADIUS authentication server.
  7. Use a VPN. (IPSEC with certs)
  8. Enable router logging.
  9. Router's LAN side only goes to the internal firewall and VPN gateway.

Now your comfortable fort is moderately secure and has a nifty toxic cloud, for the "casual" invader's entertainment :-)

Enjoy, Postmaster

Postmaster

Any hacker isn't going to guess, they're just going to run Kismet for example and it'll pop right up.

Don't hide the SSID, it just makes it harder to find a free channel and doesn't add any security.

David.

David Taylor

Good advice.

Absolutely useless. Casually connecting using common clients is already prevented even by using only WEP. This will not slow down people that really want to attack your network at all.

That's useful to prevent accidentally associating with your neighbour's network instead of your own if they buy the same brand access point. For security purposes again this is completely useless.

MAC address filtering is by far the easiest 'security measure' to circumvent.

It can be useful to maybe alert an administrator or to log unregistered MAC addresses that try to associate, but that usually doesn't happen in home situations.

If someone is actually capable of cracking WEP they will not have any problem at all with any of the other mentioned "security layers" so don't even bother.

As already mentioned: Just use WPA, make sure you use a _long_ and _random_ key and don't worry about the rest except the firewalls because it just doesn't add anything useful.

Sander

Sander
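What a "long and random" WPA key means in practice, as an added example that is not part of the original thread: it draws a passphrase from the OS CSPRNG and derives the 256-bit pre-shared key the way WPA-PSK does (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations). The function names, the alphabet and the sample SSID are assumptions made for this illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabet for this example: printable ASCII without space, quotes
# or backslash, so the passphrase pastes cleanly into router web forms.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"


def generate_passphrase(length: int = 63) -> str:
    """Return a uniformly random passphrase from ALPHABET using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("a WPA passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    ssid = "example-home-net"  # constructed sample SSID
    passphrase = generate_passphrase()
    print("passphrase:", passphrase)
    print("entropy   : %.0f bits" % entropy_bits(len(passphrase)))
    print("PSK (hex) :", derive_psk(passphrase, ssid).hex())
    # The SSID is the salt: the same passphrase on another SSID gives a
    # different key, so a factory-default SSID combined with a dictionary
    # word is the weakest possible pairing.
    print("other SSID:", derive_psk(passphrase, "another-net").hex())
```

Because the only secret input is the passphrase, the strength of the derived key is bounded by the passphrase's entropy, not by the 256-bit output size.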

Step 1. Security mode -> WPA Preshared key

Step 2. WPA Algorithm -> TKIP (Temporal Key Integrity Protocol)

It's the temporal key exchanges that add the additional security of WPA. A key is only a key for a short period of time, then the keys change. Thus making a sniff and capture much less interesting.

Enjoy Postmaster.

Postmaster

The US is just crazy enough that an intruder who choked on your toxic cloud would be able to sue you for setting a trap. I kid you not. Unfortunately.

mike

Mike Preston

I want to make the wireless network at home more secure; should I then make sure all connections are encrypted?

Should I set up a VPN host or SSH at home, so that all machines are inside the VPN network? Does PC Anywhere work?

Please advise ...

jrefactors

No. They can get onto your network. Linux machines need to be logged into. I.e., there is yet another layer of protection: your password to log onto your system. Now, if you make a habit of not using ssh to log from one machine to the other on your network, then they could monitor your network to find your password and then log onto your system and steal stuff. On the other hand, if you do not do such things, then they will somehow need to get your password first before they can get into your machine.

Unruh

Thanks for the lesson. One of the wonderful features of netnews is that your own mistakes get rapidly corrected.

Unruh

Set up a VPN. There are several to choose from. Windows includes PPTP and others are available. I use OpenVPN, which comes with Linux and is also available for Windows.

James Knott

I already downloaded OpenVPN and used the sample configuration file for both server and client, but I don't know what I am doing. Do I need to set up both server and client? I am not familiar with VPN.

Please advise more...

jrefactors
