Is WEP the most secure encryption in wireless network security?
Is WEP the most secure encryption in wireless network security?. Discuss Is WEP the most secure encryption in wireless network security?, on Wireless Forums.
Is WEP the most secure encryption in wireless network security?
In terms of wireless network security, is WEP encryption the
most secure choice?
I am the home user, and have multiple machines connect to
the wireless router inside the house. I worry about the
wireless security and people can hack the machines.
There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
I chose WEP 128 bits but not sure if this is the most
secure choice.
Any other suggestions to make the wireless network more secury?
>In terms of wireless network security, is WEP encryption the
>most secure choice?
>
>I am the home user, and have multiple machines connect to
>the wireless router inside the house. I worry about the
>wireless security and people can hack the machines.
>
>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>I chose WEP 128 bits but not sure if this is the most
>secure choice.
>
>Any other suggestions to make the wireless network more secury?
>
>Please advise. thanks!!
>
>
>
WEP is flawed. Anyone with the proper tools and time can break it.
WPA is considered very secure if you use a good passphrase. Either TKIP
or AES (WPA2).
>In terms of wireless network security, is WEP encryption the
>most secure choice?
No, it is not WPA is more secure. WEP is breakable with sufficient captured
traffic.
>I am the home user, and have multiple machines connect to
>the wireless router inside the house. I worry about the
>wireless security and people can hack the machines.
Yes, they can.
Make your essid hidden, so that the outsider has to try to figure out
what your essid is to connect. Then make sure you have some encryption
configured. If you are worried, make sure that the key is changed
periodically.
>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>I chose WEP 128 bits but not sure if this is the most
>secure choice.
>Any other suggestions to make the wireless network more secury?
Re: Is WEP the most secure encryption in wireless network security?
> Make your essid hidden, so that the outsider has to try to figure out
> what your essid is to connect. Then make sure you have some encryption
> configured. If you are worried, make sure that the key is changed
> periodically.
No point in hiding the SSID if it's intentional intruders that are a
worry, they'll just run Kismet and immediately find it.
Similarly, WEP is equally pointless for deterring intentional intruders.
Re: Is WEP the most secure encryption in wireless network security?
Jerry Park <NoReply@No.Spam> wrote in news:pJh_e.656$Qb6.412
@bignews6.bellsouth.net:
> strutsng@gmail.com wrote:
>
>>In terms of wireless network security, is WEP encryption the
>>most secure choice?
>>
>>I am the home user, and have multiple machines connect to
>>the wireless router inside the house. I worry about the
>>wireless security and people can hack the machines.
>>
>>There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>>I chose WEP 128 bits but not sure if this is the most
>>secure choice.
>>
>>Any other suggestions to make the wireless network more secury?
>>
>>Please advise. thanks!!
>>
>>
>>
> WEP is flawed. Anyone with the proper tools and time can break it.
Yes and not much time either. Say around two minutes max.
>
> WPA is considered very secure if you use a good passphrase. Either TKIP
> or AES (WPA2).
Much stronger than WEP. Probably fine for most purposes.
Re: Is WEP the most secure encryption in wireless network security?
On Tue, 27 Sep 2005 13:00:41 -0700, strutsng wrote:
> In terms of wireless network security, is WEP encryption the
> most secure choice?
>
> I am the home user, and have multiple machines connect to
> the wireless router inside the house. I worry about the
> wireless security and people can hack the machines.
>
> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
> I chose WEP 128 bits but not sure if this is the most
> secure choice.
>
> Any other suggestions to make the wireless network more secury?
>
> Please advise. thanks!!
WEP isn't recommended but it's better than no encryption. It would be best
to use WPA or WPA2 encryption instead.
> In terms of wireless network security, is WEP encryption the
> most secure choice?
>
> I am the home user, and have multiple machines connect to
> the wireless router inside the house. I worry about the
> wireless security and people can hack the machines.
>
> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
> I chose WEP 128 bits but not sure if this is the most
> secure choice.
>
> Any other suggestions to make the wireless network more secury?
WEP will only stop casual intruders. With sufficient data, it can be
broken. WPA is more secure, however you may also want to use a VPN.
Re: Is WEP the most secure encryption in wireless network security?
"James Knott" <james.knott@rogers.com> wrote in message
news:4aKdnUewnua1YaTenZ2dnUVZ_sudnZ2d@rogers.com.. .
> strutsng@gmail.com wrote:
>
>> In terms of wireless network security, is WEP encryption the
>> most secure choice?
>>
>> I am the home user, and have multiple machines connect to
>> the wireless router inside the house. I worry about the
>> wireless security and people can hack the machines.
>>
>> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
>> I chose WEP 128 bits but not sure if this is the most
>> secure choice.
>>
>> Any other suggestions to make the wireless network more secury?
>
> WEP will only stop casual intruders. With sufficient data, it can be
> broken. WPA is more secure, however you may also want to use a VPN.
>
1. Use WPA not WEP
2. Use a password that is at least 20 characters long.
( This will handle the weakness in WPA ... as per the latest
research on WPA :-)
or if you're wanting to up the security, you might want
to consider a VPN (with a digital certificate), or
a Radius authentication server (with digital certificates)
Re: Is WEP the most secure encryption in wireless network security?
strutsng@gmail.com wrote:
> In terms of wireless network security, is WEP encryption the
> most secure choice?
There is a very serious flaw in WEP which allows it to be cracked fairly
easily. If you have a choice between WEP and WPA go with WPA.
> I am the home user, and have multiple machines connect to
> the wireless router inside the house. I worry about the
> wireless security and people can hack the machines.
Thank you. You would be surprised at how many home users are
unconcerned about this sort of thing.
> There are choices such as WEP 64 bits, WEP 128 bits, and PSK.
> I chose WEP 128 bits but not sure if this is the most
> secure choice.
If PSK is shorthand for WPA-PSK (which it probably is) than that is the
best choice.
Re: Is WEP the most secure encryption in wireless network security?
Jeffrey Goldberg wrote:
> strutsng@gmail.com wrote:
> > In terms of wireless network security, is WEP encryption the
> > most secure choice?
>
> There is a very serious flaw in WEP which allows it to be cracked fairly
> easily. If you have a choice between WEP and WPA go with WPA.
>
I am using linksys wireless router, and it doesn't support WPA, it has
WEP.
any ideas??
Re: Is WEP the most secure encryption in wireless network security?
<strutsng@gmail.com> wrote in message
news:1127882106.585473.170040@g44g2000cwa.googlegr oups.com...
>
> Jeffrey Goldberg wrote:
>> strutsng@gmail.com wrote:
>> > In terms of wireless network security, is WEP encryption the
>> > most secure choice?
>>
>> There is a very serious flaw in WEP which allows it to be cracked fairly
>> easily. If you have a choice between WEP and WPA go with WPA.
>>
>
> I am using linksys wireless router, and it doesn't support WPA, it has
> WEP.
> any ideas??
>
If you go out to the Linksys web site, you can download
a newer version of the firmware for the box. This will
add WPA.
Other options:
1. Use a VPN (openvpn, poptop)
2. Use a Radius authentication server.
3. Use a different router.
4. Use this router as a front-end to another firewall,
so you'll have WiFi (public, and open, and also
have a secure private LAN).
Re: Is WEP the most secure encryption in wireless network security?
Postmaster wrote:
> <strutsng@gmail.com> wrote in message
> news:1127882106.585473.170040@g44g2000cwa.googlegr oups.com...
>
>>Jeffrey Goldberg wrote:
>>
>>>strutsng@gmail.com wrote:
>>>
>>>>In terms of wireless network security, is WEP encryption the
>>>>most secure choice?
>>>
>>>There is a very serious flaw in WEP which allows it to be cracked fairly
>>>easily. If you have a choice between WEP and WPA go with WPA.
>>>
>>
>>I am using linksys wireless router, and it doesn't support WPA, it has
>>WEP.
>>any ideas??
>>
>
>
> If you go out to the Linksys web site, you can download
> a newer version of the firmware for the box. This will
> add WPA.
>
> Other options:
> 1. Use a VPN (openvpn, poptop)
> 2. Use a Radius authentication server.
> 3. Use a different router.
> 4. Use this router as a front-end to another firewall,
> so you'll have WiFi (public, and open, and also
> have a secure private LAN).
>
> Enjoy
> Postmaster
There are also three other things to do here, which will provide some
additional layers that someone would have to go through:
1. Properly configure a local firewall on your computers. The router
will provide protection from someone coming in via the hardwired ISP WAN
connection, but will not protect you from someone trying to do
computer-to-computer access via wireless.
2. Disable the ESSID broadcast on the WAP. This disables the ability for
someone to casually identify your WAP passively using common clients.
Also change the ESSID from the default to something that is not
associated with you or your location. The number of my neighbors who
have WAPs in their homes was easy for me to determine, including their
use of ESSID's that reflected their names or addresses or the defaults.
I have spoken to each.
3. Use MAC address filtering on the WAP, which links the WAP connection
to the physical ID's of the wireless NIC's on your computers. It is
possible to spoof MAC addresses, but it is one more thing for someone to
do to get into your network.
The key to security is layers. Do not depend upon a single protection
mechanism.
Re: Is WEP the most secure encryption in wireless network security?
Marc Schwartz wrote:
> 1. Properly configure a local firewall on your computers
Good advice.
> 2. Disable the ESSID broadcast on the WAP.
Absolutely useless.
Casually connecting using common clients is already prevented even by
using only WEP.
This will not slow down people that really want to attack your network
at all.
> Also change the ESSID from the default
That's usefull to prevent from accidentally associating with your
neighbours network instead of your own if they buy the same brand access
point.
For security purposes again this is completely useless.
> 3. Use MAC address filtering on the WAP, which links the WAP connection
> to the physical ID's of the wireless NIC's on your computers. It is
> possible to spoof MAC addresses,
MAC address filtering is by far the easiest 'security measure' to
circumvent.
It can be useful to maybe alert an administrator or to log unregistered
MAC adresses that try to associate but that usually doesn't happen in
home situations.
If someone is actually capable of cracking WEP they will not have any
problem at all with any of the other mentioned "security layers" so
don't even bother.
As already mentioned:
Just use WPA, make sure you use a _long_ and _random_ key and don't
worry about the rest except the firewalls because it just doesn't add
anything useful.
>Jeffrey Goldberg wrote:
>> strutsng@gmail.com wrote:
>> > In terms of wireless network security, is WEP encryption the
>> > most secure choice?
>>
>> There is a very serious flaw in WEP which allows it to be cracked fairly
>> easily. If you have a choice between WEP and WPA go with WPA.
>>
>I am using linksys wireless router, and it doesn't support WPA, it has
>WEP.
wep is better than nothing. Remember that an attacker is going to have to
be located fairly near you ( but the house next door might be fine).
As I mentioned, hide the essid, make it complicated as well, so that the
attacker cannot guess it. Again security by obscurity, but that sometimes
works. If on the other hand you have issues that are worth thousands or
millions of dollars, buy a new wireless router that does support WPA, and
make sure that your connections are encrypted (ssh, VPN,...)
Re: Is WEP the most secure encryption in wireless network security?
"Marc Schwartz" <MSchwartz@mn.rr.com> wrote in message
news:fGw_e.75371$32.29810@tornado.rdc-kc.rr.com...
> Postmaster wrote:
>> <strutsng@gmail.com> wrote in message
>> news:1127882106.585473.170040@g44g2000cwa.googlegr oups.com...
>>
>>>Jeffrey Goldberg wrote:
>>>
>>>>strutsng@gmail.com wrote:
>>>>
>>>>>In terms of wireless network security, is WEP encryption the
>>>>>most secure choice?
>>>>
>>>>There is a very serious flaw in WEP which allows it to be cracked fairly
>>>>easily. If you have a choice between WEP and WPA go with WPA.
>>>>
>>>
>>>I am using linksys wireless router, and it doesn't support WPA, it has
>>>WEP.
>>>any ideas??
>>>
>>
>>
>> If you go out to the Linksys web site, you can download
>> a newer version of the firmware for the box. This will
>> add WPA.
>>
>> Other options:
>> 1. Use a VPN (openvpn, poptop)
>> 2. Use a Radius authentication server.
>> 3. Use a different router.
>> 4. Use this router as a front-end to another firewall,
>> so you'll have WiFi (public, and open, and also
>> have a secure private LAN).
>>
>> Enjoy
>> Postmaster
>
> There are also three other things to do here, which will provide some
> additional layers that someone would have to go through:
>
> 1. Properly configure a local firewall on your computers. The router
> will provide protection from someone coming in via the hardwired ISP WAN
> connection, but will not protect you from someone trying to do
> computer-to-computer access via wireless.
>
> 2. Disable the ESSID broadcast on the WAP. This disables the ability for
> someone to casually identify your WAP passively using common clients.
> Also change the ESSID from the default to something that is not
> associated with you or your location. The number of my neighbors who
> have WAPs in their homes was easy for me to determine, including their
> use of ESSID's that reflected their names or addresses or the defaults.
> I have spoken to each.
>
> 3. Use MAC address filtering on the WAP, which links the WAP connection
> to the physical ID's of the wireless NIC's on your computers. It is
> possible to spoof MAC addresses, but it is one more thing for someone to
> do to get into your network.
>
> The key to security is layers. Do not depend upon a single protection
> mechanism.
>
> HTH,
>
> Marc Schwartz
Gee guys, we forgot the big-ie...
Change the password on the router to something other
than "admin" :-)
-----------------
and of course one might consider hiding in a toxic cloud ...
Get another router with WAP, but hook up that old
beast to a separate computer that is infested with
viruses. Set it to channel 6, NO encryption, ESSID = linksys,
Enable DHCP, Don't connect to the net, just to the
honeypot/infested system, (change the password on the router),
Export plenty of Windows shares with read-only permissions.
( Not drive C )
and every few minutes send a Winpopup type message
to your guests... "Come on in, the water is fine"
And just let the invaders choke in a toxic cloud :-)
Then at the same time, on your new router..
1. Enable WAP (Use a 20+ character password)
2. Enable MAC filtering.
3. Change the router management password
4. Disable broadcast of ESSID.
5. Disable WAN ICMP (ping replies)
6. Use a Radius authentication server.
7. Use a VPN. ( IPSEC with certs )
8. Enable router logging.
9. Router's LAN side only goes to the internal firewall
and VPN gateway.
Now your comfortable fort is moderately secure and has a
nifty toxic cloud, for the "casual" invader's entertainment :-)
Re: Is WEP the most secure encryption in wireless network security?
Unruh <unruh-spam@physics.ubc.ca> wrote:
>wep is better than nothing. Remember that an attacker is going to have to
>be located fairly near you ( but the house next door might be fine).
True.
>As I mentioned, hide the essid, make it complicated as well, so that the
Silly.
You *can't* hide the ESSID! You can turn off periodic
broadcasting of the ESSID, but that does *not* hide it. It is,
unencrypted, sent in every packet you transmit. The broadcast
merely makes sure that you do in fact transmit a packet at
short, regular intervals.
The point of doing that is to allow a short "scan" to detect the
presense of a network. The value is that it can be *avoided* if
it will interfere with another network. Hence if you turn off
ESSID broadcasts the likelyhood that a neighbor will fire up his
wifi access point on the same channel as yours, is much greater
than if the ESSID broadcast is enabled.
If the neighbor is interested in cracking your network, the lack
of an ESSID broadcast is *not* going to hide the existance of
the network for longer than it takes you to use it. Which is to
say that as soon as you actually do use it for traffic, your
ESSID is available to the neighbor.
>attacker cannot guess it. Again security by obscurity, but that sometimes
It has *nothing* to do with security, obscure or otherwise.
>works. If on the other hand you have issues that are worth thousands or
>millions of dollars, buy a new wireless router that does support WPA, and
>make sure that your connections are encrypted (ssh, VPN,...)
All of the Linksys routers support WPA. The earlier /firmware/
doesn't though, and either a Linksys upgrade or third party
firmware can be downloaded and applied to add support for WPA.
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
> I am using linksys wireless router, and it doesn't support WPA, it has
> WEP.
> any ideas??
Can you post the model number of your linksys? You did say earlier that
among your choices was something called "PSK" (Private Shared Key).
That may be a WPA mode.
Yes, make sure you have the latest firmware from Linksys for this
router.
>WPA is the same as PSK?
Well, PSK is a subset of WPA. I don't have one set up here right now,
but I've played with them a lot lately. You ought to have an
encryption style, which will be {none,wep,wpa} and upon selecting WPA
you'll get another selection of {psk,radius,etc}, and then upon
selecting PSK you'll get {tkip,aes?}.
You'll want WPA - PSK - TKIP with a non-dictionary passphrase.
PSK, in this context, is a mode of operation of WPA. In your case, PSK
is the best choice. (For environments in which there is a geeky system
administrator at hand, I would advise RADIUS, but that requires a whole
lot of other stuff to be set up on the network.)
> It has PSK-RADIUS, and RADIUS, which one is
> better?
Use the one that offers PSK.
> Ok, if someone really hacked my WEP key, then they can get in my
> machine and steal things?
Big question. It doesn't have a simple answer, which is why security
issues are hard. If someone gets passed WEP, it means that they've
gotten on to your network. The analogy that I like to use, is imagine
if you had a wired home network and you ran some wires out from your
house into the neighborhood for any to connect to.
The rest depends on the security of any internal firewall you may have
(say between your wireless and wired internal networks) and the security
of the particular hosts on those networks and the communication between
those hosts.
So it is best to secure each machine on the network as best as possible
on its own. Keep in mind that someone who gets onto your private
network can sniff all the network traffic, so you don't want sensitive
information (particularly) passwords traveling around your network
unencrypted. If you have highly sensitive information, you should
consider keeping that encrypted even on the disk. With Linux you can
set up entire encrypted filesystems. (But if you forget the pass
phrase, you're data is truly unrecoverable.)
I'm sorry that there isn't a simple answer. For some purposes it is
"good enough" to be better secured then your neighbors. There is the
old joke of two men camping, and a bear starts threatening them at their
campsite. One man starts to put on running shoes. The other says,
"What are you doing? You can't out-run a bear." The first answers with,
"I don't need to out-run the bear, I just need to out-run you."
On the whole, this "good enough" is a bad approach. But nearly
everything needs to be evaluated on a case by case basis. If you wish
to publicly be more specific about your concerns, it will be much easier
to give specific advice.
Re: Is WEP the most secure encryption in wireless network security?
"Jeffrey Goldberg" <nobody@goldmark.org> wrote in message
news:11jli7qvg7640d@news.supernews.com...
> strutsng@gmail.com wrote:
>
>> I am using linksys wireless router, and it doesn't support WPA, it has
>> WEP.
>> any ideas??
>
> Can you post the model number of your linksys? You did say earlier that
> among your choices was something called "PSK" (Private Shared Key). That
> may be a WPA mode.
>
> -j
>
It's the temporal key exchanges that add the additional
security of WPA. A key, is only a key for a short
period of time, then the keys change. Thus making
a sniff and capture much less interesting.
Re: Is WEP the most secure encryption in wireless network security?
On Wed, 28 Sep 2005 15:40:03 GMT, "Postmaster" <postmaster@127.0.0.1>
wrote:
> -----------------
> and of course one might consider hiding in a toxic cloud ...
>
> ...... <snip>
>
> Now your comfortable fort is moderately secure and has a
> nifty toxic cloud, for the "casual" invader's entertainment :-)
The US is just crazy enough that an intruder who choked on your toxic
cloud would be able to sue you for setting a trap. I kid you not.
Unfortunately.
>WPA is the same as PSK? It has PSK-RADIUS, and RADIUS, which one is
>better?
>Ok, if someone really hacked my WEP key, then they can get in my
>machine and steal things?
No. They can get onto your network. Linux machines need to be logged into.
Ie there is yet another layer of protections-- your password to log onto
your system. Now, if you make a habit of not using ssh to log from one
machine to the other on your network, then they could monitor your network
to find your password and then log onto your system and steal stuff.
On the other hand if you do not do such things, then they will somehow need
to get your password first before they can get into your machine.
>Unruh <unruh-spam@physics.ubc.ca> wrote:
>>wep is better than nothing. Remember that an attacker is going to have to
>>be located fairly near you ( but the house next door might be fine).
>True.
>>As I mentioned, hide the essid, make it complicated as well, so that the
>Silly.
>You *can't* hide the ESSID! You can turn off periodic
>broadcasting of the ESSID, but that does *not* hide it. It is,
>unencrypted, sent in every packet you transmit. The broadcast
>merely makes sure that you do in fact transmit a packet at
>short, regular intervals.
>The point of doing that is to allow a short "scan" to detect the
>presense of a network. The value is that it can be *avoided* if
>it will interfere with another network. Hence if you turn off
>ESSID broadcasts the likelyhood that a neighbor will fire up his
>wifi access point on the same channel as yours, is much greater
>than if the ESSID broadcast is enabled.
>If the neighbor is interested in cracking your network, the lack
>of an ESSID broadcast is *not* going to hide the existance of
>the network for longer than it takes you to use it. Which is to
>say that as soon as you actually do use it for traffic, your
>ESSID is available to the neighbor.
>>attacker cannot guess it. Again security by obscurity, but that sometimes
>It has *nothing* to do with security, obscure or otherwise.
>>works. If on the other hand you have issues that are worth thousands or
>>millions of dollars, buy a new wireless router that does support WPA, and
>>make sure that your connections are encrypted (ssh, VPN,...)
>All of the Linksys routers support WPA. The earlier /firmware/
>doesn't though, and either a Linksys upgrade or third party
>firmware can be downloaded and applied to add support for WPA.
Thanks for the lesson. One of the wonderful features of netnews is that
your own mistakes get rapidly corrected.
Is WEP the most secure encryption in wireless network security? 
Linear Mode
