Secure Your Home Wi-Fi Network
Posted by Gina Trapani at 12:30 AM on May 5, 2008
Tech site Ars Technica runs down the basics of securing your home wireless network with the most secure and up-to-date methods. The main takeaway is that when you enable encryption on your wireless router, use WPA encryption instead of WEP, because it's better and stronger.
Unlike WEP, WPA uses a 48-bit initialization vector and a 128-bit encryption key. More importantly, however, WPA uses what's called the Temporary Key Integrity Protocol (TKIP). Whereas WEP recycles the same key for encrypting all the packets flowing across the network, WPA's TKIP changes the encryption key every single time a packet is transmitted. This, combined with the use of longer keys, prevents a hacker from compromising a router simply by passively observing a large enough set of packet transmissions.
Ars lists common home network hardware—from an Xbox 360 to a Wii to an iPhone—and the various protocols they support. Luckily, most do speak WPA. Here's our full guide to setting up a home wireless network. (Just, you know, use WPA instead of WEP like we originally recommended.)

Comments
Jamie
Posted May 7, 2008 5:24 PM
Better. Stronger. Incompatible with the Nintendo DS, so useless in our family. :(
abhiroop
Posted 1:07 AM 5/5/08
Problem with WPA over WEP is that a lot of devices (such as some Sony Ericsson phones) do not support it on their wifi interface.
abhiroop
evangelistc01
Posted 1:52 AM 5/5/08
I don't even have wifi. I'm happy with my ethernet cable and being plugged into the wall. I rather enjoy my privacy, but being "wired" is so uncool these days.
evangelistc01
EracMan
Posted 1:44 AM 5/5/08
This article is perfect timing since my wireless router and laptop will be arriving Monday.
QUESTION 1: If I don't secure my wireless connection, is it possible for someone to hack into my laptop or my desktop that is wired to my wireless router? How will other people leeching my wifi affect my internet speed?
QUESTION 2: Also assume I secure it and then share folders from my primary desktop so my laptop can access it. Can someone hack in and steal the files/data on the shared folders?
I am not a novice with PCs. Wireless networking, however, is a new area for me as I have never needed it previously.
EracMan
scandy
Posted 1:42 AM 5/5/08
I also use WPA to secure the home network. Right now we have 2 macs, 2 iphones, and the xbox 360 all communicating freely with a linksys router. I went for a few months with no security, but strongly recommend implementing it to ensure that your data and communications stay safe!
scandy
Sam_Zebian
Posted 1:39 AM 5/5/08
Funny you posted this today, I was hanging out with this guy I hadn't hung out with in a while (my neighbor), and he said he could hack my WPA key to get my password. I told him he was an idiot and that only WEP has been hacked. He says no, and worked on it for like 4 hours, and he got my password. And so I changed my password to something else. And he got it again. Apparently he was able to get through my WPA because it's still hackable, which was why they came out with WPA-2. I don't know what the hell he did to do it, but at least I'm secure with my WPA-2 password.
Sam_Zebian
nikkomorocco
Posted 1:39 AM 5/5/08
I want to encrypt my network and bump up the security, but I'm afraid of f'n up my connection for my 360 and I just can't afford that.
nikkomorocco
twopeak
Posted 1:28 AM 5/5/08
why secure it; the ones who are going to do evil can enter whatever security you put on.
I leave my network open and I have 1 leecher that keeps on stealing my network all the others are just people who probably need it at that time.
As long as it doesn't cost me anything I leave the network open (and the sharing of the computer is closed).
Locking your network is a pain to you and a pain to people who want to check their internet on the road.
(for people like me you can also check FON who has a nice product to allow people to share their internet safely)
twopeak
jcamson
Posted 1:59 AM 5/5/08
Oh man. I currently have the Linksys WCG200 combo router/modem. As it turns out, my version only supports WEP. Up until now I've only been using MAC address filtering, since I only have one laptop that uses the wireless. Anyone have any suggestions for a good modem/router combo?
jcamson
malnourish
Posted 1:55 AM 5/5/08
I find securing a router kind of meaningless. I don't mind sharing my connection, and I run a strong firewall with few open ports.
I enable them only when running certain applications, namely, TF2, Battlefield 2, CS:S, and uTorrent.
With proper care, it works just fine.
Also, in a Lifehacker post, [lifehacker.com]
the benefits of open-routers are discussed.
malnourish
Confuzius
Posted 2:23 AM 5/5/08
I only enable wifi when friends are over with their laptops and then I use WPA. If I didn't fileshare I might be more willing to leave it open, but for now, I don't even trust encryption given that I live in an apartment complex and know that with enough time anything is possible.
Confuzius
sunnydayz
Posted 2:23 AM 5/5/08
Here is something to check your security. Granted it is more for the advanced computer user, but nonetheless it will get the job done.
[www.remote-exploit.org]
sunnydayz
cronick
Posted 3:00 AM 5/5/08
@ twopeak, @malnourish,
That's all fine until the police and/or the RIAA come knocking on your door and accusing you of:
(Pick One)
1. illegally downloading songs
2. illegally uploading movies
3. illegally distributing SPAM
4. illegally distributing viruses
5. illegally accessing government computers
6. illegally accessing financial institutions computers
7. illegally downloading child porn
8. illegally uploading child porn
9. all of the above
Good luck with that.
cronick
thetayloreffect
Posted 2:57 AM 5/5/08
Although it is kind of a pain, the combination of WEP or WPA with MAC address filtering makes your network fairly impenetrable.
It's a bit of a hassle to wrangle all the MAC addresses but that additional obstacle will prevent most 'war-drivers' from getting very far.
Does anyone know of an application to alert you when someone has connected to your access point?
thetayloreffect
Sam_Zebian
Posted 2:56 AM 5/5/08
@Lazarus: Yeah, well now my friend knows all of my important passwords. (I use a universal password, I just can't remember more than like 5, and I don't want to have to access it from some notepad file that's encrypted with its own password to access my email or go to youtube and comment on a video. I can't save my passwords in firefox, it displays the passwords in the settings, that was how he got my passwords 8 months ago, so I have to be a little more secure.)
Sam_Zebian
Lazarus
Posted 2:47 AM 5/5/08
@Sam_Zebian: Sounds like you were running WPA-PSK (static pass key), which is easily hackable with programs available online. I always recommend using WPA2 due to its fully secure algorithms.
Lazarus
DigitalOldschool
Posted 2:44 AM 5/5/08
What about locking everything down unless you allow the MAC address of the particular item to access the router?
Is this secure?
DigitalOldschool
sisedi
Posted 2:44 AM 5/5/08
@nikkomorocco: It is completely doable. My 360 is secured with WEP because I have a few devices that won't accept WPA :/. If you need help I can walk you through it.
sisedi
darkpaladin79
Posted 3:21 AM 5/5/08
Seriously man, you need better friends. =D
darkpaladin79
cronick
Posted 3:15 AM 5/5/08
@DigitalOldschool: Not really. Network traffic can be observed and MAC addresses can be easily spoofed.
cronick
PReDiToR
Posted 4:04 AM 5/5/08
This is your data without WEP/WPA:
4433 1122 3344 5566 01/10 123 J Smith
This is your data with WEP/WPA:
oaiewrhjgtaegtp0agtr09u3w4o432lkjnweliuq43098
Protect your wireless connection. All you have to do to read CC information over unencrypted WiFi is run a sniffer, which usually comes with Linux, and I used AnalogX's free packetmon program under Windows.
MAC address filtering is a waste of time, you can set your MAC to anything you want. If you layer all the security you can find on your WiFi, you are doing the right thing and being harder to attack than your neighbour, which is the whole point.
PReDiToR
Sharpless
Posted 4:24 AM 5/5/08
I subscribe to Cory Doctorow's belief that people should keep their wi-fi connections open. It's a nice courtesy and, as long as it doesn't cost me anything, then I don't see the harm. I realize there's a slight risk involved, but the odds of anything truly illegal happening via my connection are slim-to-none, at least in my area.
Sharpless
sumocat
Posted 4:24 AM 5/5/08
My security is rock-solid. Signal doesn't go past the front door. Router connections are maxed out. Couldn't connect an outside device to my router even if I wanted to.
sumocat
kidnextdoor
Posted 4:18 AM 5/5/08
Also you can limit the number of IP addresses your computer hands out to include only the number of computers in your home network
kidnextdoor
crazylady
Posted 4:57 AM 5/5/08
wifi and secure should not be in the same sentence.
wireless is inherently insecure. if you're paranoid, don't use it. if the convenience is worthwhile, then do so, but understand that nothing is really impenetrable. using wpa2 and mac filtering and really anal settings will stop most random people. most. not all. if you had, say, me as a neighbor and I was dead set on getting access, it would not be impossible.
@EracMan: no duh someone can do whatever they want no matter how it's connected if it is connected? a connection goes both ways, don't forget.
@Lazarus: I don't know what kind of world you live in, but cracking wpa2 is only a matter of time.
crazylady
sunnydayz
Posted 4:51 AM 5/5/08
@thetayloreffect
google airsnare it is what you are looking for
sunnydayz
ph15h needs a nu job
Posted 4:49 AM 5/5/08
WPA's been cracked for a while now, but it still takes longer than WEP.
ph15h needs a nu job
arungupta
Posted 7:00 AM 5/5/08
WEP is insecure. Anyone can crack WEP within less than an hour using the right tools.
WPA2 TKIP is harder to crack but some people make it easy by using small dictionary words or easy to guess passwords.
WPA2 AES (CCMP) is better. I haven't heard any way of breaking it yet.
Best is if you can set up your own RADIUS server and use WPA2 Enterprise security. This requires a lot of skill.
Not all routers/wifi devices support all the methods so you may have to upgrade other devices.
Unless you know that your wireless network is secure, I would not advise connecting to sites which do not use https to do any critical activity like online banking, online shopping, e-mails etc.
It must also be mentioned that a weak wireless network exposes your wired network to threats. Once a hacker gets in to your wireless network, the wired network is no longer safe.
MAC address filtering and suppressing ssid broadcast to make wireless networks safe are both myths. Do not ever think for a second that these will make your wireless network safe.
arungupta
simmo
Posted 8:21 AM 5/5/08
I simply have WEP implemented at home. I should have MAC filtering on due to that but I do feel pretty safe knowing that not many people within a 100mt radius have the appropriate knowledge to be harmful.
simmo
Alan Thomas
Posted 8:58 AM 5/5/08
@EracMan, in case it wasn't clear in the previous response (it certainly wasn't nice), the answer to both questions is "yes".
Alan Thomas
Hamm Beerger
Posted 8:53 AM 5/5/08
@PReDiToR: "All you have to do to read CC information over unencrypted WiFi is run a sniffer."
That's true if you make a habit of plugging your CC# into unencrypted websites or sending it through unencrypted email. Most people aren't that stupid, though.
Hamm Beerger
EracMan
Posted 10:11 AM 5/5/08
@Alan Thomas: Thank you for the courteous response. I will do some more investigating before I unleash my wifi upon the world.
To the other respondent, please be aware that we live in a world with other people and should strive to at least be courteous. "duh" is not only a very junior high response, it is also rude unless you are talking to a good friend with whom you already have a good rapport. A more educated response would support your statement with some information to justify your response. I saw nothing of the sort in your reply.
Social etiquette (electronic or otherwise) is NOT an overrated skill. It is worth developing.
EracMan
johnniewalker
Posted 1:46 PM 5/5/08
This is a great article. I can point lots of people to it instead of watching their eyes glaze while I am trying to explain it to them.
I also agree with folks who leave their wifi open for sharing. If my router had the ability to create a second wireless network that I could throttle, I'd happily do the same.
johnniewalker
m4dm4n
Posted 2:03 PM 5/5/08
@cronick: Ah but you see my friend, that works even better. Then you just say "but my network was unsecured! someone else must have gotten in and done those things!" See them try to disprove that! No common household router bothers to keep logs of its DHCP leases so unless you actually identify yourself it could very easily have happened - I know because I've piggy-backed our entire internet connection off my neighbor's WiFi by routing outgoing requests through it when we were speed limited.
Of course that's if you weren't stupid enough to leave your actual illegal cp/music/movies/games/terrorist manuals lying around on unencrypted hard drives :p
m4dm4n
Capone
Posted 3:47 PM 5/5/08
If it were so easy to set up a wireless network, then why would bloggers feel there is a need to explain how to do it?
Other than from IBM, I have seen few instruction manuals that aren't poorly written and riddled with ambiguities.
I use Ethernet cable myself.
Step 1. Plug one end into the router.
Capone
_||_
Posted 3:35 PM 5/5/08
I can't believe how many people I know also love "sharing" their wireless like it's the 70s or summat. Share STDs while you're at it, won't you?
Wait, just wait till ISPs start doing bandwidth/per GB capping. Then don't come crying to me.
_||_
cbiggins
Posted 4:51 PM 5/5/08
oh man, you lucky Americans need to start paying Australian bandwidth prices. Then you can be damn sure that you wouldn't let just anybody use it.
cbiggins
dirtygreek
Posted 11:15 PM 5/5/08
While it's true that MAC filtering shouldn't be your only method of security, it's solid if nobody else knows any of the authenticated MACs. Spoofing your MAC address is ridiculously simple, but you have to know what MAC to spoof with first.
He won't be able to sniff your network traffic without having a whitelisted MAC in the first place, so that's not a worry. Your friends could get your MAC if you let them into your network and spoof it later, but if you've already given them access, that's already a hole.
Now, you could go to a coffee shop and use their wifi (through an encrypted tunnel, I hope), and a hacker on that connection could see all the MACs on the network. Then, he could figure out which individual is using which MAC (somehow, maybe just simple process of elimination).
Then, he could follow you home and change his MAC to match yours and get into your network... but that would be an awful lot of work for likely no gain.
dirtygreek
JakeRobinson
Posted 11:08 PM 5/5/08
WEP and WPA are both crackable. If you want to be ultra-secure, consider an open AP with an IPSEC VPN login. It will handle authentication and confidentiality.
Here's an article to explain what I am talking about: [searchwindowssecurity.techtarget.com]
JakeRobinson
AskTheAdmin
Posted 11:49 PM 5/5/08
@dirtygreek: I sure wouldn't want to see you following me around with your laptop.
Maybe I need to make a REAL firewall you know out of fire. Will that keep the hackers away?
ROTFL!
AskTheAdmin
Ugly Joe
Posted 12:01 AM 6/5/08
@dirtygreek:
Absolutely false. The MAC addresses currently being used on the network (the whitelisted MACs) can be sniffed off of the wireless packets.
MAC whitelisting will keep your computer-inept neighbor off of your network, but that's about all.
Ugly Joe
Erwos
Posted 1:05 AM 6/5/08
@dirtygreek: 802.11x?
Erwos
dirtygreek
Posted 12:51 AM 6/5/08
Well damn! If they can sniff your whitelisted MACs AND WEP and WPA are crackable, is there ANYTHING short of just not having wireless or painting your walls with radio-blocking paint that will help?
dirtygreek
AndyFromTucson
Posted 2:52 AM 6/5/08
One thing I am not clear on: Can plain vanilla WPA-PSK using TKIP be cracked if the Pre-shared Key is long and complicated and not in any dictionary?
I tried researching this, and I got the impression that cracking WPA depends on using a dictionary attack, but I am not technically adept enough to be sure.
AndyFromTucson
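To illustrate the dictionary-attack question raised above (an added example, not part of any commenter's post): WPA-PSK and WPA2-PSK derive the 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, salted only by the SSID, so the passphrase is what an offline guess has to match. The word list, default-SSID list and 80-bit threshold below are constructed assumptions for the sketch.

```python
import hashlib
import math
import string

# Constructed sample lists for illustration only; a real audit uses far larger ones.
SAMPLE_WORDLIST = {"password", "letmein123", "sunshine", "qwertyuiop"}
SAMPLE_DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}
MIN_BITS = 80  # assumed threshold for this example, not a figure from the page


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def estimate_bits(passphrase: str) -> float:
    """Upper bound on entropy if every character were picked at random from
    the character classes present. Human-chosen phrases carry much less."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    pool = sum(len(cls) for cls in classes if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit(passphrase: str, ssid: str) -> list[str]:
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63 and printable):
        return ["invalid-passphrase"]  # the standard requires 8-63 printable ASCII
    if passphrase.lower() in SAMPLE_WORDLIST:
        findings.append("in-wordlist")
    if ssid.lower() in SAMPLE_DEFAULT_SSIDS:
        # The SSID is the only salt, so a common SSID allows precomputed tables.
        findings.append("default-ssid")
    if estimate_bits(passphrase) < MIN_BITS:
        findings.append("low-entropy")
    return findings


if __name__ == "__main__":
    for pw, ssid in [("password", "linksys"), ("k7#Qv9!mZp2$Lw8&Rt4x", "home-5f3a")]:
        print(ssid, derive_pmk(pw, ssid).hex()[:16], audit(pw, ssid))
```

The same passphrase yields a different key under a different SSID, which is why both the passphrase and the network name matter when judging a pre-shared key.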
AskTheAdmin
Posted 2:28 AM 6/5/08
x= a, b, g or n
AskTheAdmin
dspillett
Posted 10:06 PM 6/5/08
On my home network I have the wireless router wide open, but it connects to the rest of the network via an extra network card in the little Linux box I use as a file+web server and gateway. It only allows UDP packets on a specific range of ports to a specific address on which I'm running OpenVPN.
You can freely use my wireless, if and only if I've given you a cert and key for the VPN.
WEP: Can be cracked in double-quick time, very little protection
WPA: Can be cracked but it takes much longer. Passers-by won't get in but neighbours (or anyone else in range for long enough) might.
OpenVPN: If someone had cracked the protocols it uses, it would be a BigThing(tm) in the techie news and I've heard nothing.
This option is no good if you have any game consoles that you want to connect wirelessly though, but I don't so that isn't an issue for me.
dspillett
twopeak
Posted 9:36 PM 7/5/08
@cronick: Then they will have to prove it comes from my computer; they can only prove it comes from my access point.
If you have secured your access point the same can happen but it will be more difficult to say someone hacked his way in.
And how many people will go around stealing the neighbours' internet to download kiddie porn... Sounds exaggerated to me!
The second thing is that I'm in Europe, where they would actually first have to prove I did something wrong before they can really start a legal procedure. Without knowing the US situation, my impression is that things are more fair here.
twopeak
rockiesjason
Posted 11:25 AM 5/5/08
Just to be nitpicky, it's Temporal (not Temporary) Key Integrity Protocol.
rockiesjason
ezhelm
Posted 4:32 AM 5/5/08
Those that prefer to run open networks, take a look at Man-in-the-middle attacks ([en.wikipedia.org]). You can have your home PC/laptop as secure as you like, but if the attacker uses MITM techniques, he/she will have any and all information you submit online including credit card info, passwords, social security #, etc.
ezhelm
Fr33d0m
Posted 1:38 AM 5/5/08
Arrrgh!
Another one of those "hiding your SSID is bad advice" posts.
Security Rule #1 - layer your security measures.
Security Rule #2 - Know your environment
It is simply not necessary for most folks to use WEP or WPA. For those in an environment where WEP or WPA are necessary, you better ignore the advice in this article and hide your SSID, turn off DHCP, and filter by MAC address. All this and WPA also. If you have a real reason to be paranoid but still need wireless, consider VPN over wireless.
If you are in a rural area, or in suburbia, you are not likely to need more than MAC filtering. Many APs also allow you to disable and enable ports by schedule, so you could turn off all ports at bedtime and turn them on at wake time. Also consider where you place your access point, walk around your house to understand how close you have to be to connect, and consider hiding your SSID. Having a hotel, coffee shop or some other similar business next door might put you at greater risk--and you have to assess your risk by considering the rest of your network--but you probably don't need to change much.
The reality is that your computers will do a better job of keeping hackers out. If someone wants to use your connection to share several terabytes of MP3s or porn, you're going to have a better chance of catching them by looking out your front door.
Fr33d0m