Open Wireless and the Illusion of Security

More important than protecting your bandwidth is protecting your reputation. I see some people here have been warned about people downloading copyrighted material via their connection - what about illegal material? Illegal types of porn or, worse still, terrorist activities. You wouldn’t want the authorities knocking on your door and then the battle to prove that it wasn’t you that downloaded that stuff - much worse than just some copyright suing contest.

Quick note: I just realised how that could be read. I’m not saying that there are things worse than illegal types of porn, I’m just thinking about British law, etc. allowing you to be locked up for ‘x’ days without charge on the merest hint of involvement with terrorist activities.

I agree with thing2k - I use wireless encryption solely to keep 99% of potential crackers away from my bandwidth. It is kind of like having ‘orange’ as a captcha - easy to break, but effective none the less.

What’s the saying? Locks are there to keep honest people honest.

If all you’re worried about is protecting your bandwidth, then WEP is fine. Hell, for that matter, just not broadcasting your SSID should be sufficient.

Depending on where you live, say an area that’s not particularly known for being technically literate (let’s just say some random city in Kansas for the sake of argument), I would not be at all surprised if in the entire life of your router there is never a single person who has the desire and know-how to defeat either of those precautions.

Even if you are in a technically literate area (say, Silicon Valley), you still probably don’t have anything to worry about. Sure, someone may well access your network… but it’s just one person. They’re probably not going to affect your bandwidth all that much. If they do, you’ll notice it and ban their MAC.

Some people here are worried about getting into trouble with their ISPs for copyright crap, or worse the FEDs for illegal crap, stating that it would be a battle to clear your name. Are you serious, people? I assumed most reading this blog were of above average intelligence, I mean here you are discussing cryptography, yet you think it would be hard to clear your name? Hmmm they have an IP or a MAC that they tied to the download…so? If you’ve nothing to hide, handing over your hd is trivial. If they can’t prove that YOU downloaded the offensive/illegal material (e.g. by finding it on your hd) then you can’t be charged for much more than being stupid enough to let your terrorist/child molester neighbors hop onto your network. As they say, possession is 9/10ths of the law. Sure you’ll be watched for the next couple months, but after watching you do the stupid innocent crap we all do on the net for a couple months they won’t be bothering any time soon.

If your network is open, you can claim in a court that someone else has been using your network to pirate files (especially if no such files were found on your pc).
If your network is closed and secure, you will have to prove that someone hacked in (even though it’s EASY to do).
Therefore a secure network is in fact making you less secure by a) not adding much additional security, but b) making you more responsible.

That is one of the reasons Schneier listed in his blog.

Please enter new password:


Sorry, password not long enough!

I thought encryption increased latency since the router has to decrypt traffic. A coworker suggested using MAC address whitelisting. I’m using WEP still because it’s the most convenient for all devices. I kind of have this principle in life where I wait for something to happen before I change what I’m doing. If someone hacks my network, then I’ll change the settings. It seems to be deterring random people from connecting just fine.

… if you’ve enabled WEP, or WPA with anything less than a truly random passphrase of 33 characters, you don’t have security.

Does that mean you go against your previously stated belief that pass phrases are better than passwords, at least for your wireless access? (July 17, 2005 post) Just curious as to why in this case you would go with a 33 random character password rather than a longer, more complex pass phrase.

This is the programming equivalent of realizing that Peopleware is ultimately a much more important book than The Art of Computer Programming.

Ouch! Are you certain you’d still feel that way if you read the latter?

Bruce is the expert and I’m nobody. I have no qualifications to support my opinion that he really enjoys being contrarian and thus annoying (which is not to say he isn’t right). This is based on my observation that he seemed to be criticizing everything everyone else is doing, and making only the most vague positive suggestions. I stopped reading his blog some time ago, so that may not be valid anymore.

So, what do I know? There are several open wireless signals near my home that anyone looking for a signal can use, and I’m a nonentity so my data isn’t likely to be targeted, so I feel that my simplistic, childish efforts to lock down my wireless are adequate. I’m not into getting into pi__ing contests with experts.

I desperately want to protect the thin sliver of upstream bandwidth my provider allows me.

Yep. When I first got a wireless router I decided to keep it open in case neighbors wanted to share. A few weeks later, I was trying to play a game and getting a terrible connection… I checked the router and noticed a neighbor using nearly all of my bandwidth downloading stuff.

Now only specified MAC addresses can connect.

@M: If your network is open, you can claim in a court that someone else has been using your network to pirate files (especially if no such files were found on your pc).

That is soooo not true. The email I got from my ISP clearly stated that I am responsible for protecting my connection to the internet. If someone gains access to my internet connection due to an unprotected wireless router, I am fully responsible for the data that is transferred.

paul mentioned use of an open WiFi connection that I hadn’t even thought about. And just because you live in an area where your neighbors are not very bright, doesn’t mean that someone wardriving can’t find your open WiFi connection and go to town while sitting in his car. He has to be caught by the police in order to be arrested for such activity. If you have an open WiFi connection, it’s unlikely you are going to know that someone is sitting outside your house using your connection that you were unaware of.

These days, it’s just downright stupid to leave a wireless router open for anyone to connect to.

Regarding the DS and WEP, I have an Airport I plug in when I want to do an update or play online. That, or I find a free access point like a coffee shop and go from there.

That said, I find it annoying that I need WEP to get my game on :(

I finally have a reason to post a comment.

I use WEP, and I know it is crackable. I don’t care and I will tell you why.

My goal is to protect MY bandwidth from roaming neighbors (etc.). Unless you have a crazy hacker as a neighbor, none of the average people will be able to crack your network and bleed it with WEP enabled.

So, if your stated goal is the same as mine (and it seems to be) you have no need for WPA with a 33 character randomly generated password.

Bruce Schneier has it right. However, he should at least put WEP on his network to prevent the average person from bleeding his bandwidth.

Timothy F. Brown

Security is always an attempt to leverage against time, money, resources and motivation. WEP is the network’s no trespassing sign. It does nothing but tell those with little motivation to stay away.

I think Bruce misses the bigger picture too often. With an open wireless and secure computers, he is keeping his valuables in a big safe, but removing the locks from his front door.

I live just on the border of a rural area, yet at least one of my neighbors is running a wireless network as well… it used to be on the same channel as mine.

I use WEP for precisely the reason others have mentioned: Not necessarily to protect me, but to prevent casual users from using my network… and because my DS doesn’t support anything better (damn you, Nintendo).

Also, there’s my neighbor’s wide open network in the same range…

I use WPA, MAC access list and no SSID broadcast. I feel safe.

If my ISP slaps a monthly download cap on me, there is a good chance that a killing spree will ensue.

While I wouldn’t recommend WEP, I will say that it isn’t totally worthless.

There are a LOT of people who leech off of wireless networks, but have never bothered/learned/tried to crack WEP. In a dorm or apartment complex, even having the poor protection of WEP will often cause leechers to ignore your network and leech from someone else, who is totally unprotected.