4 Replies Latest reply: Nov 28, 2007 6:52 AM by LittleSaint
Tom Keyes Level 2 Level 2 (225 points)
can someone tell me the difference between the WEP key and the password for my wireless router? i have set a password to get on the wireless network but not done anything about the Key. does that mean someone can get on with the Key even if they do not know the password? or, does setting the password automatically change the Key?

TIA
Tom

G5/dual2GHz, PBG4, Mac OS X (10.3.x)
  • Austin Kinsella1 Level 6 Level 6 (11,520 points)
    The password controls who can log on to the router and change settings. You do not need to be logged on to the router to have it route your packets. But if the wireless hub part of the router is using WEP encryption you need to know the encryption key for it to accept packets from you for routing.

    WEP is not very secure. Someone with a sniffer (laptop in a car outside your house, neighbour ...) only needs to capture about 20-30 minutes of traffic to be able to work out the key in use.

    AK
  • Tom Keyes Level 2 Level 2 (225 points)
    thanks. i realize that WEP is not secure - you can get software on the internet to crack it - which is why i'm interested in this question. i don't know much about networking. so, someone gets my key. they have free use of my internet connection, which is not such a huge deal. i still have a firewall and pwd protection of my computer. what else can they do? can they monitor my internet traffic, like if i'm sending a CC number? is there a good palce to read about the ABC of wireless security?

    TIA
    Tom
  • Austin Kinsella1 Level 6 Level 6 (11,520 points)
    Yes, they can use your internet connection. As you say, no big deal UNLESS they start misusing it, deliberately or otherwise. For example, they get free use of your connection, use a PC on it, get hacked, and next thing there is a spambot spewing out spam by the megabyte on YOUR connection. Who get shut off?

    With your firewall in place on the mac your mac itself should be reasonably secure.

    Yes, they can sniff your traffic to the wireless hub. However, if you are sending credit card numbers presumably it is to a web page, and you wouldn't even consider doing that unless it was to a secure (https, little padlock shows closed onthe browser) page, in which case the details you send are encrypted.

    I would suggest two further steps you should take, if you haven't already. Firstly, tell the wireless hub not to broadcast its SSID. This will make it less visible to casual bad guys, but you will have to tell the mac what SSID to use (probably each time you connect). Secondly, tell the hub only to accept connections from specific ethernet addresses, and give it the address of your wireless card.

    If you are serious about the security you should consider changing from WEP to WPA, which is much harder to crack but also harder to configure.

    For more info try google - something like basic wireless security or security wep wpa should produce many hits!

    AK
  • LittleSaint Level 4 Level 4 (2,900 points)
    Disabling SSID broadcast and restricting MAC addresses are in the same boat as WEP keys as far as security goes in that they are considered a false sense of security. These items are sent across the air same as WEP and are easily sniffed out.

    The best security is to use WPA with AES encryption (commonly called WPA2) if possible. TKIP encryption (commonly called WPA) is OK if not all hardware involved supports AES. The important part is to choose a passphrase the is completely random (letters, caps, numbers) and at least 20 characters long. Even with a supercomputer, passphrases of this complexity would take years to crack.