You only use one of the keys (whichever one you select). It is advisable to change keys periodically, perhaps once or twice a month. Otherwise they could theoretically get hacked.
I would never send a credit card number wirelessly. Which means don't pay at the pump at Sheetz gas stations in the east - they use open wifi between the pumps and the register.
That's why WEP and MAC address filtering are only hoops to jump through. MAC addresses can be spoofed and/or reprogrammed. Many Prism-based cards allow you to reprogram the MAC address of the card during a firmware upgrade.
jgreen, I gave you a five-star rating. I have been reluctant to use credit cards on the internet, but eventually, I gave up because of the convenience. I figured that I am only responsible for $50 if there is fraudulent use of my card, and most banks waive it anyway. I had my credit card number stolen 3 times, not through internet use, but through criminal merchants or their employees.
jgreen1040
16 Posts
0
February 3rd, 2003 00:00
speedstep
9 Legend
•
47K Posts
0
February 8th, 2003 20:00
WEP is as full of holes as Swiss cheese.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in "Weaknesses in the Key Scheduling Algorithm of RC4" by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementations of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
You need a WAP that allows MAC address and WEP and other authentication methods.
Otherwise WEP protects you only for about 4 hours. Don't be lulled into thinking that WEP is going to keep you safe and secure.
http://airsnort.shmoo.com/
The biggest problem being that any additional security like RADIUS and VPN slow down the connection AND they are proprietary to specific vendors.
jkoc
2 Posts
0
February 8th, 2003 21:00
Does 802.11G have any improvements to encryption security or is it just improvement in throughput?
Also, is it not conceivable that any 802.11b NIC can be converted into an 802.11G NIC with just a firmware upgrade? (since it seems like it's just a more aggressive keying technique that increases the bandwidth)
Message Edited by jkoc on 02-08-2003 06:57 PM
jkoc
2 Posts
0
February 8th, 2003 23:00
speedstep
9 Legend
•
47K Posts
0
February 8th, 2003 23:00
Increased speed means it only takes 2 hours to break your key and hack you.
jgreen1040
16 Posts
0
February 9th, 2003 06:00
Interesting article.
I checked my router program and by enabling the MAC address features, I can keep other people off the network, even if they detect the key, however they would still be able to snoop in on network traffic. However, considering that all traffic can be monitored at the ISP, I don't suppose it is any less secure for general Internet use.
It's just that some snotty nosed kid with Linux can snoop that is a bit troubling...
TEnBR
6 Posts
0
February 9th, 2003 11:00
With the password changed on my router, the SSID disabled, WEP encryption on and MAC filtering on, how long do you think it would take someone to crack this configuration? Also I only send and receive in 11G, not 11B.
johnallg
2 Intern
•
7.3K Posts
0
February 9th, 2003 20:00
jgreen1040
16 Posts
0
February 10th, 2003 03:00
It is not a question of someone entering your network; it is the concept of someone monitoring your network.
As for time, it would depend upon how much you are using the network; 5 to 10 million packets and the network is cracked. With the MAC filtering and setting the DHCP to only the number of computers, no one is going to get into your network and, for example, plant a virus. But your data (that is not sent encrypted such as by IE encryption) is open for view.
johnallg
2 Intern
•
7.3K Posts
0
February 10th, 2003 04:00
jgreen1040
16 Posts
0
February 10th, 2003 04:00
According to the article originally referenced, if the data is sent via Internet Explorer encryption (as all such data should be, with IE 128 bit encryption), it is no more vulnerable than normal internet traffic; even if they break the WEP keys, they still have the IE encryption to deal with. The IE encryption happens before the WEP encryption.
Having said that, I don't use my laptop via wireless for credit cards either. Call me old fashioned...
speedstep
9 Legend
•
47K Posts
0
February 11th, 2003 03:00
VPN adds an additional layer and quasi encryption but like Kerberos, web, DES, etc. all can be cracked eventually. You aren't making it impervious. Just harder to break.
If you want more security you should be using wired, not wireless.
johnallg
2 Intern
•
7.3K Posts
0
February 11th, 2003 03:00
scumbucket
9 Posts
0
February 11th, 2003 14:00
Frankly, most people aren't as worried about security as y'all are. They want the fastest connection possible. You all seem to be missing the big problem, which is that file and printer sharing is likely enabled. I don't care if someone snoops on my internet traffic (which they could just as easily do if they're using Time Warner also). I don't want them accessing my hard drive and looking at, copying, or deleting files.
So my method of being secure is to make sure I have good strong passwords on all my boxes and that I'm not allowing guest access to my shares. If anybody piggybacks on my internet connection for a few minutes, they're welcome to it, but I know that my data's going to be secure, and that's what's important to me.
khs8
107 Posts
0
February 12th, 2003 00:00