[marvin]

Quote:

Originally Posted by wantmyf1 /img/forum/go_quote.gif I think it's unanimous that WEP is nearly as unsecure as having no security. It's still very difficult to crack WPA2. However WPA2-TKIP is easier to crack than WPA2-AES. So always use AES only when possible. If you're really interested in PC security subscribe to podcast "Security Now". I have learned alot from this show!

WEP likely an order of magnitude or two more secure than having no security. You're lowering the subset of people that would be able to access your network from the (any wifi config) set to the (specific wifi config)(some tech skill)(willingness to break in) set.

Moving to WPA2-AES is an improvement, but not as much of one as you'd expect for most users. The subset of people that would be able to access your network only shrinks from the (specific wifi config)(some tech skill)(willingness to break in) set to the (specific wifi config)(some tech skill)(willingness to break in)(willingness to wait a few weeks) set. Weeks can be changed to "practically forever" with a good passphrase, but few people are willing to put up with #@QFa5a43qrq!!@$#@ style passphrases.

 

[EnOYiN]

Quote:

Originally Posted by MCC /img/forum/go_quote.gif You'd be surprised. As an experiment last year I set up a router with WEP in my dorm and someone successfully cracked it within a couple days. I know this because I had the router configured to forward requests to a honeypot machine running wireshark. Also, it's possible to generate traffic over the network to get enough packets to crack the key, so all you really need is a machine associated with the router to break the encryption. No real communication has to be taking place.

Thanks for being so concerned with my safety. I can assure you that although I might run a wireless network with just WEP I'm feeling quite secure nonetheless. I'm running a Untangle server in front of this and I've got a separate wired network with another Untangle server. Untangle has a very good and secure MAC adres filter and is quite hard to crack. It also detects attacks and DDOS etc.

I am quite knowledgeable on the subject of cracking wireless networks and computers so I know that you would generate traffic in order to crack WEP. Otherwise it would take ages (well, a few days is more like it) to crack any network. I've got 2 laptops installed for this purpose: testing the security of networks/ computers. I've also had multiple 'ethical hacking' courses over the last few years.

Quote:

Originally Posted by wantmyf1 /img/forum/go_quote.gif My brother lives in a small town. He is just an ordinary person in that he's not rich, doesn't run an ebusiness, or have any other obvious reason why someone would want onto his network, but it happened. The cracker was using his (and others) connection for illegal purposes and the police got involved. He was almost barred from using the internet completely by the justice system. The only reason he wasn't was because they found the other people cracked by the same person and put it together that it wasn't my brother doing the illegal activity, but this other person using all these computers. It was very close and very hard on my brother. And he wasn't any novice computer user. He has above average knowledge and still got bit! I don't care about people using my bandwidth, but I use encryption to protect myself and the uses my computer could be put to without my knowing it. Also, there are plenty of cracking scripts, programs and advice freely available on hacker forums. Even fairly novice script kitties can subsume moderately secure networks. By protecting yourself, you're protecting the rest of us by (hopefully) not enabling the transmission of DDOS attacks or viruses.

Like I posted above, I'm quite knowledgeable on the subject if I may say so, but my opinion still stands. WEP is something not every person is able to crack. Now, if you are living in a dorm of MIT you might want to start thinking about forgetting this wireless business altogether, but if you're living in the middle of nowhere (like me) and there are only 2 other houses which can even receive your network then it becomes a completely different story. And again, it's how much you are willing to invest and how much other people willing to invest to get around it. You can crack pretty much any network out there like marvin posted. As long as you want to invest time, money and knowledge. How many people do and can crack mine? That's an assessment everyone has to make for themselves. If I would have to crack my own network I would have a really hard time doing so. If people are looking for zombies they would probably pick another network/ computer.

 

[helicopter34234]

Sorry to revive this dead thread, but I think the discussion is very interesting and I have a few questions regarding what was said.  It was mentioned that you should set up two separate networks, one for secured PCs and one for leisure web-surfing pcs.  How do you have two separate networks for wireless and wired connections?

 

[krmathis]

Not secure at all.
WEP can be cracked in a matter of 5 minutes, and then I think they can clone your MAC address quite easily.
 
I would (and have gone) for WPA2-PSK

 

[Welly Wu]

WPA2-PSK has been compromised already. I choose to configure WPA2 with 802.1x authentication and I use the AES encryption algorithm for the maximum security available given that I have an Actiontech modem, router, and hub from Verizon FiOS. There are much better dedicated routers and hubs out there, but I have not begun my research phase yet. I might decide to go with one that support DD-WRT and pay for it though.