WiFi Security Question
Hi Fred, love your Plus! newsletter. Extremely informative. I purchase it every year.
I heard that WEP used for wireless isn't that good to use, use WPA or WPA2. My question is that I bumped up the encryption from 64 bits to 128 bits using WEP. I have Qwest as my DSL provider and they said they don't support WPA, only WEP. I like Qwest so I don't want to change my provider. So is it okay to still use WEP? I do access the internet for email and for purchasing merchandise. Thanks, Bruce
WEP is the older WiFi communications security standard, "wired-equivalent privacy" ( http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy ), which allows for up to 128-bit encryption. It's actually a bit of a misnomer because it's far easier to grab broadcast signals out of the air than to intercept data flowing through a point-to-point wire; everything else being equal, wires are inherently more secure.
Plus, 128-bit WEP encryption isn't what it used to be. PCs today are like the supercomputers of yesteryear, so that even crude brute-force hack attacks may succeed in workably short timeframes; and the WEP ciphers themselves turned out to have mathematical flaws that make them easier to crack than they were supposed to be ( http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html ).
That's not to say that WEP is junk--- it's still OK for routine use. That's because it's not likely that a random hacker or wardriver will bother trying to hack a WEP-protected access point when there are plenty of easier pickings--- unprotected access points--- out there. It just wouldn't be worth their time and trouble to go after an encrypted one, unless there was some special motivation to do so. (And in that case, then yes, with sufficient time, skill, and motivation, WEP encryption can be broken.)
As for online purchases, consider: When you're on a secure site via WEP WiFi, you have double encryption going on: the local WiFi link itself is encrypted by the WiFi software; and the data going to the secure site is also *separately* encrypted by the browser--- encryption within encryption. Again, while it would be technically possible to crack all that, a cracker would need some pretty strong motivation to do so.
So, there are two take-away points here. First, WiFi, or *any* form of radio communication that broadcasts your data through the air, will always carry some risks because it's inherently easier to detect than signals in a point-to-point wire. But even so, and this is the second point, even plain-vanilla WEP can be made reasonably secure for routine purposes.
It takes four steps:
In brief: Change and protect the access point's "SSID;" set the access point only to accept connections from known and preapproved MAC numbers (the "media access code" built into all network devices); use 128-bit WEP with a long, complex passphrase; and use good LAN security (firewalls, good passwords, etc.). If any of those terms or procedures isn't clear, the article at http://www.informationweek.com/story/IWK20021031S0004 spells it all out, and explains the jargon.
With those four steps, you'll block just about all the easy routes to hijack a standard WiFi connection or to eavesdrop on the communication thereon.
Lots more info here, too:
http://search.atomz.com/search/?sp-q=wireless&sp-a=0008002a-sp00000000
Beyond that, there are newer encryption/security standards that are intrinsically harder to crack, chiefly "WiFi Protected Access," which unfortunately goes by the same acronym as "Windows Product Activation:" WPA. Higher-end WiFi gear that's come out in the last 18 months or so may support WPA or WPA2, and thus offer more security than WEP. ( http://en.wikipedia.org/wiki/Wi-Fi_Protected_Accesss )
Getting back to Bruce's specific case: I'm not sure why Qwest would care one way or the other what WiFi link you're using, unless it's their hardware. Many DSL and cable providers offer the option of buying and using your own hardware on their connection; this might be an option that would let you upgrade the WiFi hardware to something newer.
But no matter what, it's worth remembering that most problems with WiFi come from unprotected access points that are wide open and running without even basic security. This is the kind of thing you see in public hotspots in hotels, airports, coffee shops, etc.; and in home and office setups where someone just takes the access point out of the box and plugs it in, without changing the defaults.
Even though WEP isn't state-of-the-art any more, in real life it still can be acceptably safe as long as everything's set up properly. Again, see http://www.informationweek.com/story/IWK20021031S0004 for more info.
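The four steps above can be turned into a quick self-check of an access point's settings. This is an added example, not part of the original newsletter: the config dictionary keys, the short list of factory-default SSIDs, the 20-character passphrase threshold, and the reading of "protect the SSID" as turning off SSID broadcast are all assumptions made for illustration.

```python
import string

# Assumed for this example: the config dict layout and this default-SSID list.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "wireless", "dlink"}
# Encryption modes in the order the article ranks them.
ENCRYPTION_RANK = {"none": 0, "wep-64": 1, "wep-128": 2, "wpa": 3, "wpa2": 4}

def passphrase_is_complex(passphrase, min_length=20):
    """True if long and mixing at least three character classes."""
    classes = [
        any(c.islower() for c in passphrase),
        any(c.isupper() for c in passphrase),
        any(c.isdigit() for c in passphrase),
        any(c in string.punctuation for c in passphrase),
    ]
    return len(passphrase) >= min_length and sum(classes) >= 3

def audit_access_point(cfg):
    """Return findings; an empty list means all four steps pass."""
    findings = []
    # Step 1: change the SSID and (assumed meaning of "protect") hide it.
    if cfg.get("ssid", "").strip().lower() in DEFAULT_SSIDS | {""}:
        findings.append("ssid: unset or factory default")
    if cfg.get("broadcast_ssid", True):
        findings.append("ssid: name is broadcast")
    # Step 2: accept only known, preapproved MAC addresses.
    if not (cfg.get("mac_filter_enabled") and cfg.get("allowed_macs")):
        findings.append("mac: no allow-list of known devices")
    # Step 3: 128-bit WEP or better, with a long, complex passphrase.
    rank = ENCRYPTION_RANK.get(str(cfg.get("encryption", "none")).lower(), 0)
    if rank < ENCRYPTION_RANK["wep-128"]:
        findings.append("encryption: weaker than 128-bit WEP")
    if not passphrase_is_complex(cfg.get("passphrase", "")):
        findings.append("passphrase: too short or too simple")
    # Step 4: good LAN security behind the access point.
    if not cfg.get("firewall_enabled"):
        findings.append("lan: firewall is off")
    if cfg.get("admin_password", "").lower() in {"", "admin", "password"}:
        findings.append("lan: default router admin password")
    return findings

# Constructed sample configurations (not from any real device).
OUT_OF_BOX = {"ssid": "linksys", "encryption": "none"}
HARDENED = {
    "ssid": "bk-home-7", "broadcast_ssid": False, "mac_filter_enabled": True,
    "allowed_macs": ["00:11:22:33:44:55"], "encryption": "WEP-128",
    "passphrase": "Tr4il-mix&Oatmeal-2xDaily", "firewall_enabled": True,
    "admin_password": "n0t-the-Default!",
}
```

Calling `audit_access_point(OUT_OF_BOX)` lists every step an unconfigured access point fails, while `HARDENED` returns an empty list.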
