I finally got my wireless laptop connected with our router, thanks to our cable guy who installed our cable internet connection, and everything works great. My only concern is that we didn’t set up the WEP key, which I understand is used to keep others from connecting to our network and using our connection, right?
In my router setup, what do I put down as a WEP key? I know I can’t just put a password because I looked up WEP keys online and all I got were WEP key examples that look like colour hex codes.
Oddly enough, the software that came with my USB-connected wireless box on my Win 98 machine let me put in an ASCII password that it translated to hex, while the software for the XP laptop required that I enter the hex. So you might be stuck with the hex.
Two hexadecimal digits are just an easy way to represent one byte with no “waste.” You can use a byte to easily represent two decimal digits with BCD but it gives only 100 possible combinations rather than 256.
Because it’s hard to make a mnemonic password with hexadecimal you should probably write it down. This is a violation of normal password protocol but you’re really trying to protect against that wardriver who doesn’t have physical access.
Odd, what router do you have? Mine allows me to put in a “normal” alpha-numeric password and it generated a WEP code.
I didn’t use it though since it’s a pain in the butt. I simply used a MAC filter. Since you should be the only one (right now) on your network go into your router, find the MAC address filter and have it filter everything but your computer currently connected.
I am also using the “weaker” WAP encryption but I don’t think it’s really needed.
I have heard that the methods for hashing a password to get a WEP key vary from manufacturer to manufacturer. So if you have an access point from one company and a laptop with built-in 802.11 from another, the same password may not generate the same key.
Okay, so I’ve set up a WEP key on my router but supposedly my laptop is connecting to the router without WEP encryption.
Am I taking a major security risk by my laptop transferring data wirelessly? Any really “delicate” information I send through the internet is done through HTTPS anyway (online banking, email, etc.). I should be okay, right?
There are three common ways to specify your WEP key:
1. An ASCII string of either 5 or 13 characters (or even 16 on some newer hardware). Note that it’s not “anything from 5 to 13 characters,” it’s “5 characters or 13 characters.”
2. A sequence of 10 or 26 hex characters, possibly 32 on some newer hardware.
3. A “passphrase” which gets converted into a hex sequence like in #2.
gazpacho is correct that all the manufacturers do not use the same method for converting their passphrases to hex, which means that you can enter your passphrase on one piece of hardware, but you better look at the hex sequence it generated and enter that on the other device, not the passphrase. Unless they’re the same brand. For this reason, I consider the passphrase option useless.
Another interesting note is that while the 10, 26 or 32 character hex sequence is just a different method of entering the 5, 13, or 16 bytes for the key, entering an ASCII key of “hello” is not the same as entering a hex key of “68656C6C6F” (which is the hex equivalent of the ASCII string “hello”).
Yes, the rules are inexplicably complicated. I don’t think the designers counted on this being popular enough that I’d someday have to talk my mom through it over the phone. It was meant for weenies.
On another note, using MAC address filtering is not a very good way to keep people off your network. It’s quite possible for someone with a laptop to sniff the 802.11 frames and see the MAC address of your computer, then change their own MAC address so they have permission to use the network.
Vision of Love, if your laptop is connecting without WEP, you haven’t properly set up the key on the router. If you had, the laptop would be unable to connect. You should probably investigate the problem. Your HTTPS connections are secure, but you’re currently allowing people to get on your network and try to gain access to your PC. If they succeed, they could install a keystroke logging program that would send them the passwords you use to log into your online banking, email, etc.
You’re open to bandwidth thieves and other ne’er-do-wells. If your neighbor sniffs out your wireless LAN and can access the internet through it, they might just stop paying for their own connection and steal off of yours. Less-savory prospect - in addition to just swiping your bandwidth, suppose they use your connection to send out huge amounts of spam, or run an illegal file-sharing server? Guess what? YOU are the one that’s going to be in trouble since it’s your connection.
Assuming you have one of the popular wireless broadband routers, you’re fairly (but not entirely) safe from anyone finding your computers as the router does something called NAT that translates the name of your PC to one that’s invisible to the outside.
For anyone who’s interested, here’s some technical info on the weaknesses of WEP. A lot of wireless setups now support WPA-PSK security, which uses the same encryption system, but fixes some of the design weaknesses. If it’s an option on your equipment, Vision Of Love, maybe you should use that instead.
Either way, as others have said, you should use MAC filtering too.
WPA-PSK (previously-shared key) is the “up-and-coming” security protocol, but sadly, its implementation isn’t 100% yet.
Also, be aware that WEP will cause some loss of effective transmission speed, and WPA will cause yet more loss.
If all of your devices can do WPA, I STRONGLY recommend it. WEP is utterly TRIVIAL to break - in a recent workshop, we were breaking WEP keys on neighborhood LANs in minutes. One was broken in 45 seconds. Please note that we were doing this for demonstration purposes only and did not make any attempts at accessing the cracked LANs, nor did we save or disclose the WEP keys - this was strictly a demo of how easy it is to break WEP.
It’s a Network Everywhere wireless cable/DSL router, model NWR04B. It was bought a year ago and I just got it hooked up yesterday.
How far is the range of this thing? I’m trying to think of my neighbours and they’re either retired seniors, or families with small kids. I don’t think my immediate neighbours would pose much of a threat.
But I’m a little worried about the keylogging thing.
When I’m in my wireless connection properties for my wireless connection and I enable Data encryption, enter and confirm the network key, and click OK, the Data encryption goes back to being disabled when I try to reopen the properties. Why doesn’t it stay enabled?
Sorry for the three posts in a row, but I finally got it to work, right after I made my previous post. I don’t know what I did, but I have a WEP key set up for my firewall and it’s permanently set into my wireless connection settings on my laptop.
I’m still interested in any discussion that may continue in this thread though.
This is not secure at all. Any passive sniffer (like Kismet) can detect your radio transmissions, even if SSID broadcast is off and your base station isn’t sending beacon frames.
All SSID hiding does is remove the SSID from normal traffic. The SSID still has to be transmitted when a client first connects. If the attacker doesn’t want to wait for that to happen, they can transmit some data (a deauthentication frame) that knocks all the clients off the network for a brief moment. When they automatically reconnect, the SSID will be retransmitted and they’ll have access.
In addition, MAC filtering isn’t very secure either. On many machines, it is trivial to alter the wireless card’s MAC address. By observing traffic and noting the MAC addresses of the clients, one will obtain a list of authorized MAC addresses they can use after a client has disconnected. In a residential installation, however, it can be effective since there are usually only one or two total clients, and the average attacker isn’t going to come back later when one of those clients is disconnected. (Only one computer can have a given MAC address at any one time. If an attacker acquires the MAC address of an already-connected client, they will break connectivity for both the legitimate client and the attacker.)
You’ll also want to avoid passwords that are words. A dictionary attack can be performed against the encrypted packets, and on a fast laptop it won’t take very long.
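An added example, not part of any post in this thread: a small Python check that applies the entry formats listed earlier (5, 13 or 16 ASCII characters; 10, 26 or 32 hex digits) and the advice to avoid dictionary words, and generates a random hex key to type into every device. The function names and the tiny wordlist are constructed for illustration; it only classifies an entry and does not model how any device turns an ASCII entry or passphrase into key bytes.

```python
import secrets
import string

# Accepted entry lengths from the list in the thread.
ASCII_LENGTHS = {5, 13, 16}
HEX_LENGTHS = {10, 26, 32}
# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"hello", "apple", "house", "password", "administrator"}


def classify_wep_entry(entry):
    """Return (kind, key_bytes) for a valid entry, or raise ValueError."""
    n = len(entry)
    if n in HEX_LENGTHS and all(c in string.hexdigits for c in entry):
        return "hex", n // 2
    if n in ASCII_LENGTHS and entry.isascii() and entry.isprintable():
        return "ascii", n
    raise ValueError(f"{n} characters is not a valid WEP key entry length/format")


def weakness_notes(entry):
    """List reasons an otherwise valid entry is a poor key choice."""
    kind, key_bytes = classify_wep_entry(entry)
    notes = []
    if kind == "ascii" and entry.lower() in SAMPLE_WORDS:
        notes.append("dictionary word")
    if len(set(entry.lower())) <= 2:
        notes.append("almost no variety in characters")
    if key_bytes == 5:
        notes.append("shortest key size (5 bytes)")
    return notes


def generate_hex_key(hex_digits=26):
    """Random key as hex digits, to be typed identically on every device."""
    if hex_digits not in HEX_LENGTHS:
        raise ValueError("hex key must be 10, 26 or 32 digits")
    return secrets.token_hex(hex_digits // 2).upper()


if __name__ == "__main__":
    # Constructed sample entries, plus one freshly generated key.
    for sample in ["hello", "68656C6C6F", "eightchr", generate_hex_key()]:
        try:
            print(sample, classify_wep_entry(sample), weakness_notes(sample))
        except ValueError as err:
            print(sample, "rejected:", err)
```
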