WEP not good?? ..... how safe are we?

Question

Level 1

26 points

WEP not good?? ..... how safe are we?

hi, we have 4 computers and 3 mobile phones in the house.
we have previously been using WPA-PSK, all working fine.

But now, my bro has a new nokia phone, and he cant pick up wi-fi with router set to WPA.....when we change the security to WEP.....his phone picks up wifi connection.

Ive heard WEP is no good as its easy to hack into?
What are the consequences? say if someone gets into our connection,...... do they just use the internet?? or can they see everything we are doing?? can they see the websites we visit....the passwords we write? the emails we write etc etc??? ..... or do they just use the internet connection? harmlessly..........

ive generated a 128bit password for our WEP........ and im using internet on my macbook now with it. ...............

should we not setttle for anything but WPA?

i tried to set up this: WPA-802.1x
but it was asking for other info.......stuff i have no idea how to set up........
WPA-802.1x is the best and safest option right?

thanks for any info/help......

Windows XP Pro

Posted on Nov 3, 2008 2:28 PM

Reply

Answer 1

direwolf8

Level 4

1,286 points

Nov 3, 2008 2:45 PM in response to bob2131

WEP isn't terribly secure and if someone picks up your WEP key (the more traffic you generate the easier that is to do) then they will see your traffic unencrypted. WPA is much more secure.

Reply

Answer 2

bob2131 Author

Level 1

26 points

Nov 3, 2008 2:55 PM in response to direwolf8

picks up our wep key? you mean our wep password? (its like over 20 characters long)

the more traffic the better? you mean the more we are on the net.... the bigger and easier it will be to hack into?

they can SEE what we are doing on the internet??? like remote access??
passwords...websites visited...downloads...banking.....email written?.........all this will be viewable to the hacker? ............ i thought they would be just using the net connection....... man im so worried and paranoid.

would just our next door neighbours and people parked outside in cars with laptops be able to do this? or anyone in the world????

Reply

Answer 3

Nov 3, 2008 3:20 PM in response to bob2131

WEP is pretty easy to crack, using the proper software and hardware, a WEP network can be cracked within 5 minutes. WPA is also crackable but it's much harder to do.

From my experience WEP is enough to keep 99% of the people off your network, since most people don't bother.

About reading your data, it takes much more knowledge, however, don't forget that most important data is encrypted nowadays. Internet shops, banks, Gmail,... use SSL for sensitive data, so even if somebody could get your data packets they wouldn't be able to do anything with them.

However, I had a Nokia phone like 2 years ago and it was already able to work with WPA, so maybe try to check on Nokia forums.

Reply

Answer 4

bob2131 Author

Level 1

26 points

Nov 3, 2008 3:41 PM in response to Leon da Pro

thanks.
yeah nokia forums....a few people are having same prob with same phone.....

so are we only suseptible to attack from our neighbours and people outside the house?
or general people wherever? (with WEP home network)

i can use WPA...but when my bro comes home, he will want to use WEP with his nokia.....
i can see it getting real tiresome.... like waking up in the morning and changing securtiy settings.... and waiting for him to go to sleep so i can use WPA etc.........

when someone hacks into our network..... do they just see lists of data...etc.....or do they get to see a visual of exactly what we are doing.... like in remote access........like a TV station set to our internet activity.......scary.....like someone could be reading this forum post as i am writing it? ......

Reply

Answer 5

Nov 3, 2008 3:45 PM in response to bob2131

The longer password will help, but it's still easily cracked.

Your average person who is going to take the time to crack your security is going to do more than just "use" your internet. They are going to use your internet to do bad things and make it look like those nefarious things are coming from you.

Of course it's risk vs exposure. What kind of environment are you in? How likely is it that someone can drive up near your house, see your network, crack it and then sit there and use it? Etc.

If you are going to be using WEP, make sure that your internal network has limited access, so that if someone would crack into your network they are less likely to be able to snoop in your stuff (i.e. limit internal sharing to registered users only, etc).

So the answer is you are not as secure. The question is how likely it is that someone will come into your neighborhood to try to crack your system.

When I read about WEP cracking, as "easy" as it is, it is easiest with two or more computers, etc. Someone has to be "dedicated" to crack it all the same, though it can be cracked "easily" a person has to be dedicated to do it.

You are better off with WPA for sure and it is highly recommended to use it instead of WEP. How often is the brother over?

Reply

Answer 6

bob2131 Author

Level 1

26 points

Nov 3, 2008 3:59 PM in response to Stuart Vandeventer

thankyou
well we live in a normal street in UK...urban kinda area.....
cars can park up anytime and stuff..... also neighbours all around us.....i usually see 3 other networks listed on my mac, as nearby networks.

i use the internet alot. with 2 computers. and i like my privacy. alot of sensitive info on my part.

when i say we are networking.....we are not sharing any info or folders between computers....all the diff computers just use the internet..... thats it.....so limited access.....would we set this up in the router settings page?

man i dont trust anything or anyone....for all i know my next door neighbour is a computer hacker.

im still unsure....would the hacker be able to see exactly what we are doing on internet....like me writing this comment??? like remote access?

yeah i want WPA for sure...but my bro and his phone...are like aaagaghahah compromising everything. all he wants to do is check football scores and little things..... its not worth it....ill speak to him again........ we live in the same house man.....

im thinking of getting my own router or whatever......dont know how or if this is possible. but i would like my own internet connection....hard wired to my desktop pc and i would airport it on my macbook......... and i would pay the extra cost......... its all complicated man.......cause hes always messing around with his computer and changing settings and installing software etc....and its always knocking out my internet connection...... i dont like sharing my internet connection..... so then he could use WEP to his hearts desire....and i would use WPA or that 801. whatever next one.......

sigh.
it took us weeks to get all our computers working...... and now his nokia phone has put a spanner in the works.

Reply

Answer 7

Courcoul

Level 6

18,684 points

Nov 3, 2008 4:02 PM in response to bob2131

WEP is considered insecure cause whomever wrote the protocol wasn't a mathematician and didn't understand the crypto algorithm and coded the thing wrong. Every so often, two different plaintext packets get coded into identical encrypted packets, something called a collision in crypto-speak (different from an Ethernet collision), and that can grant you insight on a few bits of the key. Given enough collisions, any size key can be broken, hence the more you use the link, easier it is to crack.

WPA used to be invulnerable to this, but about a month ago Russian cryptanalysts found a way to harness a bunch of GPU's from video cards and crack WPA in a short time. End result: this day there is no secure wireless encription protocol. However, you do need much more resources to crack WPA than you do WEP.

If you live next door to Kevin Mitnick's brother or someone like that ( 😉 ) or you are doing top secret research work, you may need to add a second layer of protection, such as SSL, IPSEC, or more. However, for most mortals, encrypting the wireless link is more for protecting against freeloading neighbors who want no-cost Internet, rather than protecting Aunt Minnie's top secret chocolate chip cookie recipe. And in some places (i.e., Florida), knowingly hitching a free Internet ride is an illegal felony, so the cops are on your side when catching and putting the trespasser out of business .

Reply

Answer 8

BobHarris

Level 9

56,897 points

Nov 3, 2008 4:05 PM in response to bob2131

you mean our wep password? (its like over 20 characters long)

Doesn't matter how long or how short your WEP password is. It is encoded into either a 40 bit key or a 104 bit key, depending on which flavor of WEP you selected. Short passwords are padded out, long passwords are munged down. WEP is easily crackable regardless of the size and composition of your password.

However, as another post said. WEP keeps out most people because they are not interested in cracking your network. Also your location has a lot to do with it. If you like in a city with lots of neighbors (think condo/appartment building), then the odds go up. If you live in the suburbs with lots of distance between homes, the odds go down.

Reply

Answer 9

Bob Gold

Level 4

1,397 points

Nov 3, 2008 4:19 PM in response to bob2131

Bob2131,

You should be able to turn off (or disable) the SSID on your wireless router... This will make it so that folks searching for a wireless signal will not be able to see your WiFi...

If they can't see that you're broadcasting, they'll just pass on by.

Bob

Reply

Answer 10

user1724

Level 3

535 points

Nov 3, 2008 4:35 PM in response to Bob Gold

If you are worried about freeloaders, then turn on mac address filtering. Unless you list the mac address for their wireless card, they cannot get on.

But really, there are so many of my neighbors who have totally unsecured networks (as that is how the routers ship) if anyone wants on, why bother to crack my wep key.

You can look at your router at any time and see if you have any freeloaders. I suspect this risk when using a wep key is far overblown.

Reply

Answer 11

Nov 3, 2008 4:56 PM in response to Bob Gold

Mac address filtering, Hiding SSIDs all slow people down but does not stop a serious hacker. They do keep honest people honest, though.

The only true piece of mind is using true good security.

I would agree that the risk is probably overblown, i.e. how likely is it that someone is going to actually "try" to crack a person's WEP. The easiness of the cracking isn't overblown as any average joe who WANTS to crack into a WEP key can readily find the way to do so on the internet. but how likely is it someone would take the time with your connection.

If you use your network for sensitive information though, you are being a person is being a little niave to continue using it.

Our behavior is the number one key to security, though.

When it comes to network security and people getting access, make it so that any service you don't need is disabled on all computers on your network. If YOU can't do something on your, anyone who gets access to your network with have most of the same limitations that you do.

So safe computing will lead to safe networking if done correctly.

Myths of WLAN security: http://blogs.zdnet.com/Ou/index.php?p=43

All that said, WEP is better than nothing, but WPA is better than WEP.

Message was edited by: Stuart Vandeventer

Message was edited by: Stuart Vandeventer

Message was edited by: Stuart Vandeventer

Reply

Answer 12

bob2131 Author

Level 1

26 points

Nov 3, 2008 5:20 PM in response to bob2131

thankyou people, very helpful posts.

im still unsure....would the hacker be able to see exactly what we are doing on internet....like me writing this comment??? like remote access?

so its only hackable around your house? not streets away? just around the vicinity of the router.......right? ....... i mean..... theres enough houses around our house for me to not trust it.......

"allow broadcast of name(SSID)"......deselected......right bob gould

mac address filtering? man......can someone tell me exactly what to do....on sky/netgear router settings page......

"You can look at your router at any time and see if you have any freeloaders"......please tell me how......... how do you tell?

"When it comes to network security and people getting access, make it so that any service you don't need is disabled on all computers on your network. If YOU can't do something on your, anyone who gets access to your network with have most of the same limitations that you do."

i dont understand whats going on..... i use the internet on my macbook.... and on my desktop pc......via a router which is connected to another desktop pc..... all we want to do is use internet on each computer....we dont want to share a single file on all computers.......... where are these settings? are these router settings or computer operating system specific..... are we using a network? we just have one wireless router and multiple computers picking up the internet from this router........

Reply

Answer 13

Nov 3, 2008 5:28 PM in response to bob2131

bob2131 wrote:

"When it comes to network security and people getting access, make it so that any service you don't need is disabled on all computers on your network. If YOU can't do something on your, anyone who gets access to your network with have most of the same limitations that you do."

i dont understand whats going on..... i use the internet on my macbook.... and on my desktop pc......via a router which is connected to another desktop pc..... all we want to do is use internet on each computer....we dont want to share a single file on all computers.......... where are these settings? are these router settings or computer operating system specific..... are we using a network? we just have one wireless router and multiple computers picking up the internet from this router........

They are computer settings.

In Mac OS X system preferences. Go to the sharing pane and make sure all services are turned off.

Make sure if your router has a firewall it is turned on. Make sure your firewall on all computers are configured appropriately, etc.

If you don't need remote access, file sharing, etc, just keep them turned off.

I don't know how to turn most of these on/off on a windows computer, though.

As far as what can a hacker do if they get on your network, they can do whatever YOU can do. They can use sniffers and key stroke loggers to see what you are doing, but most have to be sophisticated to do it. The average person just wants to get on to use your internet and aren't going to spend time sniffing around, but understand that anything that they do will look like YOU are doing it. This is why we secure or networks or limit access to it.

I don't want to be "The sky is falling" or anything, as there is no need. You shouldn't feel ashamed if you have to use WEP as it's better than nothing, just understand the potential risk. If you accept it, it's no big deal. WEP is certainly better than SSID hiding and Mac filtering for sure. IF you hide the SSID you are going to make it more difficult for future clients that you want to join your network to find it.

It's not what security you use really, but that you use some FORM of security. SSID hiding and MAC filtering is not security, they are sand traps and trip wires.

Good luck!

Reply

Answer 14

Nov 4, 2008 7:05 AM in response to Bob Gold

Bob2131 if you're seriously concerned, why not connect to your router by ethernet? Most routers have several Ethernet sockets, so you can connect several Ethernet devices.

Where I am in central London I pick up about 10 networks, one of which I know is the hotel across the street. But I don't connect to them and I hope nobody is connecting to mine.

You can never be sure. Just make sure everything to do with "sharing" is turned off in your system preferences, and locked !

🙂

Reply

Answer 15

Nov 4, 2008 7:13 AM in response to Tom in London

And another recommendation is to not run as an administrator on your Mac or PC.

I can't speak to windows methods, but for a mac to change to a non-administrator account. Make a new administrator account in your account, log out, log in to the new account, and then remove administrator privs from your original account. Log out/Log back into your account. You'll now have to type in the new username/password to unlock access to system prefs and to add/delete from your Apps folders and do a few other changes, but it is a more secure environment.

Reply