WEP is useless?

Hi,

i am a stranger to this section...dont come here often.

anyway.

so i have WEP on my home network rite now... but i ve read that WEP aint that good.

any hacker can crack it with 64 bit encryption.


SO i want to know.. how to secure my home network ?

Is there smthg more secure than WEP?

 

WPA is much more secure.

 

Wep takes about 1 and 1/2 sodas to crack. And Im talking about cans of soda. WPA2, however, takes around 80 2 liters, on a good day.

 

WEP isn't as secure as it used to be. Script kiddies use it today for target practice and can even be hacked in 5-20 minutes with expertise.

WPA is more secure. To make your network safer you can:

- Change the default router name that comes from the factory (netgear, linksys, etc). Try to use something that is not a common name, Ray's router is NOT even remotely secure. Try something alpanumeric but not too complicated.

- Change the router's password.

- Before setting up WPA, generate a 63 character key using one of the many generators you can find online.

- Use MAC address filtering, this will allow ONLY the devices you want to access your network and/or to accept connections from.

- Turn off SSID broadcasting once everything is set up. This will hide your network from other systems that may be able to see it. Windows automatically detects wireless networks with this feature turned on so you can select which network is yours and connect to it (how many networks can you see in your neighborhood?).

With SSID broadcasting turned off only you will be able to see the wireless router (network) as you have the information regarding its name. It will take a few days (months) of dedicated packet sniffing to even find it and even longer (weeks/years?) to try cracking the WPA key, especially if it is a long one. That, and cracking the router will take even longer.

- Change the WPA key every once in a while.

- Write down the admin access and password to the router and keep it somewhere secure. You can also keep the WPA generated key written down or saved on a file somewhere.

With these settings you should be more than secure, unless you have a VERY VERY VERY VERY dedicated snooper (or the CIA) willing to spend that much time trying to piggyback on your internet connection, they usually won't want to spend much time trying to do so and will just move on to easier prey.

 

The only security that works is WPA/WPA2. Disabling SSID broadcasting, MAC address filtering, reducing transmit power, and changing the SSID name is just optional icing on the security cake.

 

WEP is better than open. As said previously, WPA is better than WEP. I had to configure WEP rather than WPA on a relative's home network a couple of years ago when I was travelling because his work notebook's hardware was not capable of handling WPA.

I am actually going cellular and dumping my home network, along with the landline and DSL.

 

Why do you guys need so much security?

 

Yeah, but makes things more difficult.

 

Why not? When half of your personal life gets transmitted in the form of passwords and whatnot...why NOT try to make sure your network is safe?

Not to mention I'd prefer to keep 'other' people off of my network so they don't steal my internet bandwidth.

 

How do you know that someone is using your bandwidth?

 

Set your laptops ip address as a dns server on the router and run wireshark.

 

All good security involves is placing a few barricades in place (encyption, firewall, passwords, ...) and employing some common sense computing habits and practices. And it really does not take any additional time out of your day.

 

The logs in your router are the best source.

 

Or you can simply run Network Magic and see a block diagram of elements in the network, but my point is this, I have been here for a long time, and I have never gotten anyone connected into my network.

 

I know, I know how to do it, there are 100 ways to do it, but the point I wanted to get through is that sometime we paranoid and we go after the impossible.

Beside all the good things that vista does by itself, just be careful how you use your laptop, never have your PC to remember passwords or user ID's, is longer as you have to enter them all the time, but safer. Also, schedule password and user ID's changes, every 3 months, change them all.

 

I've always used the ratio of Spam:Real in my email as a good indicator on when to change ISPs.

 

WEP is useful for cracking into. Just arm up with a packet sniffer, and viola! :laugh:

 

When your router and modem's status lights blink away while your computers and gadgets are turned off.

 

Very good Dave, I'm impressed.

 

It's always struck me that the bottom line is - you'll never be able to stop a determined, experienced hacker unless you (a) quit wireless, or (b) spend tons of $$ on things only the NSA really wants. The flip-side, of course, is that most of us will never be targeted by a really determined, expert hacker, and so most of the time option (b) is just a waste of money.

What you really need is basically just enough security to keep the bored, the curious, and the petty thieves away - the guy who wants to free-load off of your wireless to download porn so either (a) his wife won't be able to find the ISP logs if/when she divorces him, or (b) his parents won't find out.

Now, obviously, since script-kiddies are practicing on WEP, that's no good - if anything it's an invitation to precisely the sort of threat you're most likely to deal with. On that basis, WPA is probably generally adequate security, MAC filtering is useful, and changing your router's UID and PW to something nonobvious is just common sense. SSID is just another little distractor that's useful for keeping away the low-level threats you're most likely to face - bored neighbors who're curious and/or want to d/l porn without getting caught (at least they think they won't get caught ).

The biggest low-cost/high-values thing you can do really are: (a) set up WPA as security, (b) use MAC filters, and (c) change UID and PW on the router. And, of all of those, if you do just one thing, change the UID and PW on the router to something nonobvious. If you don't do that, you're just asking for some bored neighbor to log on, configure settings to his/her advantage, and then lock you out of your own router by setting the UID and PW to something only he/she would think of.

 

Yep, that's right on the nail.

 

Although WPA with a pre-shared key is now crackable, provided it (the key) is in a dictionary file...but maybe I shouldn't go into much depth. :laugh:

 

MAC filtering is easier to circumvent than WEP. And kind of a pain to maintain if there is any variability in your network. Turning off SSID broadcast is usually good. WPA is good. Changing the Admin id/password and the general id/password on the router is good. a good, long, non-obvious key is good. etc, etc, etc ...

 

Continue, is getting interesting.

 

The best advise is to use as long of a passkey as you can comfortably remember. I just string together an easy sentence like "Goodlucktryingtocrackthisfaglet" and bam, there is a passkey that will take god knows how long to brute force. Even with so called dictionary attacks.

Telephone numbers are also an idea.

You don't need to make a passkey that you can't remember. Because that just makes it a pain in the rear and makes people more lax about security. I could give you 100 of the world's best super computers and dare you to crack my WPA key. Something that long has just way way too many combinations to brute force.

 

Network Magic?? Are you kidding??

Thats for beginners and newbies to networking!!!!

 

Yeah, if someone has as much knowledge as you or me, I'm not aware of any way as of yet to bypass that security measure, as WPA does have much better (and more) encryption algorithms, in my understanding.

However, 7GB dictionary files are available, and that's a bloody LOT of text. There's a good chance that a large percentage of WPA networks are in fact accessible to a dedicated individual in a position to manipulate the network, and running Linux of course.

 

7 Gig dictionaries? Mines 20.

 

That's insane. Did you download it? On my connection that would take a bit more than a month.

 

okay guys, so u have convinced me to change to WPA.

but problem..

i dont know how to setup a WPA ...coz default is WEP.

my router is 2Wire 2700HGV-2

could someone guide me ..

and will all connected devices have to be re-configured once i move to WPA?

 

That's right, I was talking to a newbie when I said that.

 

I took this from a good article, easy to follow ( http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx)

Configure WPA-PSK for Your Router or Access Point

The first step in constructing an ultra secure home network is to set up your WPA capable router or access point for WPA-PSK. Use a wired connection, if possible, to specify these settings since a wired connection will not be impacted if you make a mistake. Start by accessing the administrative internal Web page of your access point or router.

Note: The WPA configuration interface for WPA-enabled access points or routers may vary. Some may provide total configurability for both enterprise users with WPA configuration screens and menus and home users with WPA-PSK screens and menus. Some equipment targeted specifically at the residential market may provide only WPA-PSK capability and offer fewer configuration options.

The Buffalo Technologies Air Station offers a full implementation of WPA and WPA-PSK for both enterprise and home users. I've configured this router as a "g only" device to maximize performance. (I'll be writing more about 802.11g in a future column.)

Following are the steps I used to configure this equipment for WPA-PSK after accessing the Web administration interface. Note that other vendor's equipment may have a slightly different interface but the procedures should be very similar.



1. Locate a menu labeled Security or Network Authentication. Choices for WEP, WPA, WPA-PSK, and NONE will be available from this menu. In Figure 1, this is labeled Network Authentication. (Buffalo Technology makes it simple to configure all wireless settings because they all are found on a single administrative page under LAN Setting, Wireless.)

2. Click WPA-PSK.

3. Enter a hard-to-guess passphrase (between 8 and 63 characters) in the WPA Pre Shared Key field. This is also known as a Shared Secret.

4. Enter a Rekey Interval (normally the unit is seconds).

5. Click Apply or Reset, depending on the vendor's implementation.



Configure WPA-PSK on Windows XP

After you've set up your router or access point for WPA-PSK, you'll need to configure the wireless properties on each computer for WPA-PSK as follows:

1. Right-click the wireless connection icon in the notification area, and then click View Available Wireless Networks.

2. Select the WPA-PSK capable network you want to attach to by clicking the SSID (Service Set Identifier). As shown in Figure 2, I am configuring the SSID buffalog.

3. Enter the Shared Secret (passphrase) in the Network Key field and again in the Confirm Network Key field as shown in Figure 2. Although the text refers to a network key, the passphrase can be entered here.

4. Click Connect.


You can also configure WPA-PSK or edit an already configured Shared Secret by clicking the Advanced button shown in Figure 2. The Wireless Network Connection Properties dialog box opens.

• If the Wireless Network is not already configured and does not appear in the lower window, select it, and then click Configure.

• If a Wireless Network is already a Preferred network and appears in the lower window, select it, and then click Properties.


The Network name (SSID) of the access point or router you are configuring is displayed, as shown in Figure 4.

1. Select WPA-PSK from the Network Authentication box.

2. Use the default TKIP Data encryption method.

3. Enter the Shared Secret/Passphrase that you entered in the wireless router or access point under Network key.

4. Enter the Shared Secret/Passphrase a second time under Confirm network key, and then click OK.


You should now be able to successfully connect to your extremely-secure WPA-PSK-enabled router or access point.

 

The plus that wpa has over wep is that the encryption is changed every frame.

 

Fair enough re: MAC filtering - however, like turning off SSID, it's primarily intended to make it just difficult enough, when done along with all the other largely useless measures, to encourage the idle and the bored to go try your neighbor's router instead. Although, if MAC filtering is as easy to jimmy as WEP, then, like WEP, it may have become merely another attractant for script-kiddies, which would augur against using it, based on my own argument concerning WEP.

 

That definitely works. While I had my router running, I used a 63-character WPA key. While it's impossible to remember such a thing, you can transport the key with a USB drive and copy-paste.

 

And I can keep your USB drive safe here in my house, or in case you don't trust me, put it in a safe at the bank.

 

I over-write the text file after i'm done setting up the Wi-Fi connection

 

Hahahahaha, that's the ultimate security strategy, even yourself cannot access your own network

 

I downloaded a 7 gig one then made the program I was using get new words by searching a folder I told it to. Of course, the folder contained my copy of Encyclopedia Brittanica. I have to get rid of the dublicates in the files one of these days, but thats effort.

 

Aha. Cool beans, dude.

 

My router always has the key, but you need to have a wired connection and the password.

 

I remember back in high school when I got bored and had just finished repairing an old Dell Inspiron Laptop (2001 model). I threw linux on there, and instead of finishing calculus homework, I proceeded to hack all 5 of the nearby WEP enabled networks using its pathetically puny processor. It seriously took less than 20 minutes in each case. Then I went wardriving (wireless hacking with a laptop in a moving vehicle) or whatever it's called for the hell of it.

In other words, pretty much anyone here on notebookreview.com could figure out who to do a WEP hack in under 30 minutes. Technically you could figure out how to do WPA in the same amount of time, but actually cracking the given passcode could actually be impossible given a WPA2 network and a really complex passphrase.

 

you just made me feel stupid =(

 

The dictionary file is the easy part.

Something to consider when you setup security on your router

Cracking WPA is a six step process

1. Sniff for a computer on the target network
2. Send deauthentication packet to target computer
3. Capture the four way handshake when target computer reauthenticates
4. In WPA, the passkeys are hashed with the SSID, so you start hashing likely passkeys with the network's SSID
5. Compare hashtable with captured network key
6. If no match, restart at step 4. If there is a match BOO YA!!!!

Of course, the hardest part is the number of combinations of hashkeys is ginormous. Considering the minimum passkey is eight characters long, and most passkeys are alpha numberic, there are god knows how many combinations of passkeys. And that is a 8 char one. I think this is a factorial equation, but I don't remember how to set it up. I just know even an 8 char is with an uncommon SSID is almost impervious to brute force attacks.

Lesson learned?

Change your default router password.

Change your default router SSID

The longer the passkey, the better. I use a 10 char one myself.

 

there is something about Hacking that makes me so enthusiastic.

I can talk about it for hours...and listen for days.

So now i have enabled MAC filtering on my network. and gonna Setup WPA soon.

rite now its WEP

 

smart move!!!!!!!!!!

 

I want your honest answer, was it of any help the insrtructions to setup WPA?

 

I like the way one of my professors put it: WEP is less secure than an unsecured network because it gives you the illusion of security.

 

Psh. WEP will block 99.9% of users out there. I'd take that over unsecure anyday. Seriously, while it's easy to crack WEP, who here has the tools RIGHT now to do it?

 

Definitely, very elaborative.

+Rep