Wireless Security

WEP and MAC Auth is not secure.... WEP is easily cracked and MAC's are easily cloned...

Google WEP Cracking and you can find many scripts that will auto do it for you and then Google MAC cloning and alas the same thing.

WPA or WPA2 FTW

WPA-PSK is starting to fall under the same attack as WEP was. There are starting to be tools and write ups on how to crack WPA-PSK...especially if a weak passphrase was used. But in my opinion, WPA-PSK is still more secure than WEP.

You don't have to connect to a network to intercept the information that's already going through the air. It takes 30 seconds these days for a skilled attacker to crack a WEP key- I've done it myself in a lab setting. With the key in hand all your network traffic can be easily decrypted. DO NOT RUN WEP. It is the near equivalent of running an open network, MAC filtering or not.

Edit: Using WEP is basically as secure as running an ethernet jack to the outside of your house with a huge arrow pointing at it.

Agreed with all the above. Use WPA2.

WEP is secure only against casual users (like your neighbors) who look for no-password wireless to leach internet from. Almost anyone with the intention of hacking will be able to pass through WEP within minutes.

WPA2 + long pass phrase + good router is the way to go.

Standard rule of thumb in the electronic security business: Nothing is secure if the interested party is willing to invest the resources. That being said, there are different levels of security going on all the time with electronic communication...

If you're using a laptop connected wirelessly to a router using encryption (WEP,WAP,etc.) in your home, that signal can be intercepted and the data analyzed to the point where it can be cracked eventually.

The data traveling from you to your bank is encrypted the second you hit enter on your keyboard. Assuming you're using a secure website to do your banking and haven't already been hacked or that there isn't a keylogger installed both hardware or software wise.

Your email is not encrypted unless you specifically use a program to do so. Your ISP may also keep a copy of all email coming from and going to you.

The only people that want us to be paranoid over our wireless connections are the ISP's - they want everyone to subscribe!
I have my wireless open and I'm quite happy to let my neighbours use it.
When I do anything that requires a secure connection I either use my PC thats wired to my router, or do it at work - but that generally accounts for 0.000001% of the time.
I also subscribe to the camp that believes that if you want/need something to be secure and safe, then don't get it anywhere near a PC.

and if your unsecured wireless network is connected to the same network as your wired pc then it is so easy for someone to piggy back onto your network and access what you think is your secure pc!!!!!!!!

Always use security whenever you can.

And I think your friend is right in so far that probably no one is going to clone a MAC adres. Cloning a MAC address requires more than average knowledge of networks. You could get a more secure network, but after a while you should have to wonder about whether this is necessary or not. Is your data relevant enough to interest a knowledgeable person? In my case, at home I've got WEP security and MAC address filtering. Why not WPA or anything else? Because I haven't got any data going over this wireless network that is so interesting that it would spark the interest of a guy who is knowledgeable enough to circumvent the security. Cracking WEP security could take a long time depending on how much data is going back and forth. It takes time no matter what. Are people willing to invest that time to crack my network? I don't think so.

The main question you should ask yourself is how much money you are willing to invest to protect your data/ communication. Did you invest in 3 different servers with RAID 5 in separate locations behind a proper lock? Have you got a completely automatic back-up system over a encrypted VPN? How far does your paranoia go? How much money are you willing to lay down for peace of mind. Those are the relevant questions here.

So do with that what you will. WPA is saver of course, but it's not like granny from next door would be able to crack your network if you use WEP/ MAC filtering.

That's why you would make two separate networks. Only in home environments where 9 out of 10 times it doesn't matter either way you would connect the wired network to a wireless network. See my post above.

I think it's unanimous that WEP is nearly as unsecure as having no security. It's still very difficult to crack WPA2. However WPA2-TKIP is easier to crack than WPA2-AES. So always use AES only when possible. If you're really interested in PC security subscribe to podcast "Security Now". I have learned alot from this show!

You'd be surprised. As an experiment last year I set up a router with WEP in my dorm and someone successfully cracked it within a couple days. I know this because I had the router configured to forward requests to a honeypot machine running wireshark.

Also, it's possible to generate traffic over the network to get enough packets to crack the key, so all you really need is a machine associated with the router to break the encryption. No real communication has to be taking place.

My brother lives in a small town. He is just an ordinary person in that he's not rich, doesn't run an ebusiness, or have any other obvious reason why someone would want onto his network, but it happened. The cracker was using his (and others) connection for illegal purposes and the police got involved. He was almost barred from using the internet completely by the justice system. The only reason he wasn't was because they found the other people cracked by the same person and put it together that it wasn't my brother doing the illegal activity, but this other person using all these computers. It was very close and very hard on my brother. And he wasn't any novice computer user. He has above average knowledge and still got bit!

I don't care about people using my bandwidth, but I use encryption to protect myself and the uses my computer could be put to without my knowing it.

Also, there are plenty of cracking scripts, programs and advice freely available on hacker forums. Even fairly novice script kitties can subsume moderately secure networks. By protecting yourself, you're protecting the rest of us by (hopefully) not enabling the transmission of DDOS attacks or viruses.

From what I know, you can easily use programs like Backtrack3 (w/ Kismet) to detect the MAC address of any computer connected to a router. From there, you can spoof your MAC address to match that of the computer connected and connect instantly. I've done it myself, and it isn't too difficult. Some protection is better than nothing though. Also, turning your SSID off doesn't make that big of a difference, for you can find networks that aren't broadcasting their SSIDs using various free tools. That said, use WPA2 with AES and not TKIP. I was reading up on WPA encryption w/ TKIP, and apparently, researchers were able to track WPA w/ TKIP in a very short amount of time. You can also limit your broadcast signal strength so people beyond the vicinity of your house can't connect to it.

TL;DR version: Use WPA2 w/ AES encryption. MAC filtering offers some protection, but it's easily bypassed. Leave your SSID on for the sake of convenience. Of course, the safest thing is to use a wired connection.