The WEP key on the card and the one on the router must match in order for the machine to connect to the router. If you don't want the WEP key, then do a hard reset of the router: hold the *Reset* button for 30 seconds. That will set the router back to its default out of the box state and there will be no WEP-key in the router. It's a blank field on the router at that point. You can blank out the WEP-key on the wireless card setup too. You should be able to connect.
The install of the card has nothing to do with the router. The install has no way of knowing if you're using a WEP-key or not, so if you're not using a WEP-key, then you don't give it one when it asks.
I set a WEP key and everything is working great. In doing this it found 2 other wireless connections (also open) and I thought no need since I live in the suburbs. So I think it is a wise thought to set security no matter where you live.
Others have answered the key question of how to enable/disable WEP (i.e. in the router setup). However, if you're absolutely sure you did NOT enable WEP in your router, then there's a very good chance you're connecting to someone else's wireless router. (Especially if you didn't bother to change the SSID from the default "linksys").
That could very well have happened. The reason I switched out the card (my son's computer) is that the upload/download slowed down to a crawl when he was working on his web site. He might have inadvertently been logged on to one of these open routers or one of those might have logged on here.
I have a lot to learn about wireless. Three computers here but his is the only one that uses wireless, the other 2 are hard wired. From reading the newsgroup, I'm wondering if WEP will be strong enough for this location.
To the best of my knowledge, only 2wire wireless routers have unique SSIDs and are shipped secure by default. Every time I try to make a case for shipping secure by default, I get told that "it's too difficult".
Cracking WEP is currently trivial with commonly available tools. Search Google for "wep crack":
you'll find some of these tools. WEP is much better than nothing, especially to prevent accidental connections from other wireless users, but for security, WEP is a lost cause. WPA is the right answer.
This is in no way a go at you Jeff but out of curiosity, if you buy a car, do you get asked for proof that you are entitled to drive?
Certainly there are things that could be done but I guess the manufacturers just consider it an end user training issue (or read the instructions issue), just like when you buy a car, hand over the money and there's your car, it's your problem if you don't know how or are legally denied permission to drive.
The only way I could see it being consumer proof would be if mfrs insisted you bought only their kit throughout (as per IBM's old rules). Otherwise you'd be into the usual mess of ascii vs hex, wep vs wpa vs wpa2 etc etc and there'd be way too many returns. 2wire don't sell to consumers in Europe that I know of, perhaps there's a reason.
Mark McIntyre
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
We're just talking unique SSIDs here, which is dead easy to implement. For example, the router could simply use its MAC address as (at least part of) the SSID.
Regardless, even unique security isn't all that hard to implement. For example, the router vendor could generate and pre-configure a unique good pseudo-random word-based pass phrase, print it out on a label, and stick the label to the bottom of the router. It could also provide an optional utility to configure WZC with that pass phrase.
There undoubtedly is, but nothing that's relevant to this discussion.
It's a fair question but I don't think it covers the situation. In the People's Republic of California, there is no need for the dealer to require that the owner know how to drive or even if they have a driver's license. That's handled by the registration process run by the Dept of Motor Vehicles which both demands a valid driver's license and substantial fees. The DMV also demands proof of residency, smog certificates, insurance, and some mechanical inspections. It's quite an ordeal process. By coincidence, I did blunder into one situation where the vehicle owner need not have a driver's license. Many senior citizens are no longer able to drive effectively and hire a driver to do the driving. However, they still retain ownership of the vehicle.
The problem with "secure by default" is that the buyer has a perceived assumption that all the acronyms and security features listed on the gaudy packaging are functional and operational on installation. A bad analogy would be if you purchased a vehicle with a sophisticated air bag system, and later discovered that it has to be "personalized" in order to function correctly. (This was actually the case on one early driver side air bag system which required knowing the weight of the driver).
In the US, it is legally actionable to sue on the basis of "fitness of function" and "perceived utility". If I purchase a product that an average person or jury perceives as having a specific function, one can be sued for failure to provide that utility or function. If you look at the packaging of many wireless routers, I would tend to think I'm purchasing a security appliance or device to protect me from evil hackers. "Buy me and you'll be safe" is the common mantra. To the best of my knowledge, wireless routers are the only such safety devices that arrive with almost all the safety features disabled by default.
Even competent ISPs often don't have a clue. One local DSL ISP is selling and recommending DLink DI-624 wireless routers. They use DHCP to assign IPs. It's possible to punch the reset button and be instantly online without any subsequent configuration. If there's a possible router issue, punching reset is what support has the customer do, because it's soooooo easy. However, that also resets the wireless section to defaults, leaving the customer with a wide open wireless access point and zero security. I've been snarling at their support people for about 2 years trying to get them to cease and desist this habit. For the most part, it has been successful, but last week, it happened again.
I've covered my problems and adventures with trying to convince manufacturers to ship secure by default some time in the past. Just search for the phrase "secure by default".
Again, methinks that driving is a bad example. Also, the manufacturers are well within their rights to claim that security is the responsibility of the customer, not the manufacturer. Usually security is not an issue until something goes awry. Then the customer goes on a rampage demanding that the manufacturer, system provider (i.e. Dell), their ISP, or their computer guru, assume responsibility. I've heard the line "I thought this product was safe" which underscores the problem. If the responsibility was clearly and obviously defined, I would not have a problem.
However, it's not and I don't expect it to ever be, even in legalese. My answer is simple. When you punch the reset button, the router should be functionally useless and greet every port 80 request with a sign on page to set up a password. Sonicwall and Cayman/Netopia already do this. Next, the wireless will be turned off by default until a unique SSID is set up and a WEP/WPA key is set. This can also be done on the initial sign-on page. If a user wants to set up an open access point, they get to click "OK" to a page of repudiation of responsibility legalese. That's literally a trivial firmware change. I won't go into the amazing responses I've gotten from manufacturers.
Anyway, if you follow my pitch line, just use the mantra "secure by default" when talking to the manufacturers or their support department. They're not stupid and eventually will get the clue.
Alcatel recently purchased 25% of 2wire which may change their distribution picture in Europe.
As for making the router customer proof, I don't think that's possible. I'm only proposing that it be either secure or non-operational by default. See my reply to Dave Taylor on the subject. All I want is that upon reset, the initial web page demands:
1. A configuration password.
2. SSID
3. WEP/WPA key
The wireless part will not work until these conditions are met.
This is not the way 2wire does it. They pre-assign all of these and inscribe them on the serial number tag. The router arrives pre-configured and secure from the ISP. If you reset to default, the pre-assigned values remain. For a while, I was proposing this method, but was eventually convinced that it was too much of a burden on the manufacturing process and support department (raising costs perhaps a few cents). So, I settled for the previously described method, where the wireless was non-functional until configured.
Yes, I understand and I'd like it too, if only I could work out a foolproof way to do it.
I'd go along with this.
But bear in mind that this is not providing security by default, it's just improving the chances that it will get enabled. You'd have to put in yet more effort to stop someone typing "password" three times, or his own name, or his bank pin number, or any of the other common codes people use.
Mark McIntyre
I don't know how you extracted that from my explanation of California vehicle registration, but methinks that it would be possible for wireless router manufacturers to implement security by default without government interference errrr... assistance. Try reading what I wrote before twisting my meaning. I think I was rather clear about what is needed, why it's needed, how it should be implemented, and how it's not going to cost anything. Did I miss something?
Incidentally, turning wireless off by default has an interesting side issue. I've been watching whether Universal Plug and Play is on or off by default. First it was on, but that created "unexpected results" and some security issues. So, it got turned off. So, since MSN needs it to function, Microsoft applied some corrective pressure, and it was back on by default. Then, there was another security advisory, and off it went again. I think this is the current situation but I haven't checked recently. My guess(tm) is that shipping wireless off by default will go through a similar exercise.
Not to worry. The world's supply of fools is in no danger of diminishing and may actually present a suitable market segment suitable for exploitation. The basic 3 questions I propose required to set up a wireless router are just the beginning. Having them available when the user sets up their client is a major problem. I don't have an easy answer for this. The various AOS magic setup utilities are supposed to address this. I think they only address part of the problem and are more difficult than setting up each part of the puzzle independently.
Of course. My fix is NOT a 100% solution. I don't think there will ever be a 100% security solution. I think you've read my rants on eliminating passwords as they are the absolute worst security problem I could think of. My list of passwords is now 380 entries long. To remain sane, I've re-used the same password a few times too many. If my list is compromised or stolen, I'm in BIG trouble. Passwords, shared pass phrases, and such are terrible security. They also do nothing for authentication, where someone else uses my password to impersonate me. If I had my way, I would shove X.509 certificates with an independent certificate authority down the customers' throats, but even that's not perfect. I rather liked the idea of the manufacturers running an online RADIUS server such as:
but find my customers balking at the cost and administrative overhead.
Anyway, I don't think my 3 questions are going to be a 100% security solution. My guess is about 63.9%. However, that's much better than the current implementation which is zero wireless security.
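
The proposals made in this thread (a MAC-derived SSID, a pre-generated word-based pass phrase, and a reset state in which wireless stays off until a configuration password, SSID and key are accepted) can be sketched as follows. This is an added example, not code from any poster or vendor firmware; the class and function names, the tiny word list, the list of common secrets and the 8-character minimum are all assumptions made for illustration.

```python
import secrets

# Constructed, illustrative values; a real device would ship a far larger word list.
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor"]
DEFAULT_SSIDS = {"linksys", "default", "dlink", "netgear"}
COMMON_SECRETS = {"password", "admin", "12345678", "letmein"}


def suggest_ssid(mac: str, prefix: str = "router") -> str:
    """Unique SSID built from the last three octets of the MAC address."""
    octets = mac.replace("-", ":").lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError("expected a MAC like 00:11:22:aa:bb:cc")
    int("".join(octets), 16)  # raises ValueError on non-hex input
    return f"{prefix}-{''.join(octets[3:])}"


def suggest_passphrase(n_words: int = 5) -> str:
    """Word-based pass phrase drawn with a CSPRNG (secrets, not random)."""
    return "-".join(secrets.choice(WORDS) for _ in range(n_words))


class FactoryResetRouter:
    """State after reset: wireless stays off until all three answers are accepted."""

    def __init__(self):
        # A real device would keep a salted hash of the password, not the text.
        self.admin_password = self.ssid = self.wireless_key = None

    def configure(self, admin_password: str, ssid: str, wireless_key: str) -> list:
        """Return a list of problems; settings are stored only if it is empty."""
        problems = []
        if len(admin_password) < 8 or admin_password.lower() in COMMON_SECRETS:
            problems.append("admin password is too short or too common")
        if not ssid or ssid.lower() in DEFAULT_SSIDS:
            problems.append("SSID is empty or a vendor default")
        if len(wireless_key) < 8 or wireless_key.lower() in COMMON_SECRETS:
            problems.append("wireless key is too short or too common")
        if wireless_key == admin_password:
            problems.append("wireless key repeats the admin password")
        if not problems:
            self.admin_password, self.ssid, self.wireless_key = (
                admin_password, ssid, wireless_key)
        return problems

    @property
    def wireless_enabled(self) -> bool:
        return None not in (self.admin_password, self.ssid, self.wireless_key)
```

The rejection of "password" typed into every field addresses the objection raised in the thread that a setup page alone does not stop users from choosing common codes; a deny-list this small only illustrates the check.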