Open Wireless and the Illusion of Security

Totally agree with the illusion of security. We’ve been trying to tell that to our group for a while.

Example: at our work, we have to use these electronic keys for the building. We have tons of paperwork to get them, tons of paperwork if we lose them, audits, etc.

Guess what I found out my first day? I got lost on a floor and walked up to the wrong office front. Stuck in my key, beep beep, got in. The receptionist pointed me to the right office, but had she not been there, or been a temp, I could have walked in and done what I wished.

The MAJOR advantage to WEP over completely open is that it stops people from connecting without even realizing they’re doing it.

Some people have their laptops configured so that it automatically connects to any open WiFi port. Astonishingly, some of these people DON’T EVEN UNDERSTAND WHERE WIFI COMES FROM. It just works in some places, and doesn’t in others. Magic.

If I had lots of bandwidth to spare I’d just let them have it. Why not? But, sadly, I’ve got a very limited amount of bandwidth that the cable company condescends to let me buy.

I keep my WiFi set to WEP because sometimes I like to connect with my Nintendo DS, which for some reason, doesn’t do anything better.

I wish there was an easy way to keep my router open, but only let others use a certain percentage of my bandwidth. I mean, if I was desperate, I’d rather have 10kb/s of free wifi than nothing at all.

Alternately, live in a house far enough away from everything that people would have to sit in your front garden to even get a low signal from your router!

Good article :wink:

How timely. I was just re-reading Why Software Sucks by David Platt (http://www.whysoftwaresucks.com/), and the section on security makes specific mention of Bruce Schneier’s regrets about his epic book. Platt makes the same point that, like most computing problems, security is a people problem more than a technical one.

Also, coincidentally, I just moved into an apartment complex and one of my neighbors is running an unsecured wireless network with Comcast service. Since I am on lowly dial-up until I build up a sizable savings, I have been enjoying their 11 Mbps with or without their knowledge.

I think this man is very lucky no one in his area jumps onto his Wifi and downloads a movie that’s still in the theaters off an unencrypted torrent.

The MPAA would not buy “I leave my network open for all to use.”

If I were to leave a loaded handgun in my mail box, and some kids found it and shot someone, would the judicial system let me go since I have an open policy with my handguns?

It’s sad that this is what it boils down to, but it does. The systems in place to regulate things are terribly far behind when it comes to lawsuits involving what is in my opinion horrifically unfair precedent, that is obviously perpetuated by the money and power of a group of people watching their profits slip away. The judges have to take weeks to have this stuff explained to them. The technology has had a few too many leaps and bounds.

Anyone familiar with the immense fun that can be had wardriving knows WEP/WPA is crackable, but given the severe nature of assumed guilt in these cases, I would get a traditional wired router, and run everything I could off that. Drop the uplink of that to one of the wired ports of a wireless access point that was carefully set up to only allow certain MAC addresses through. You’d still have to watch for spoofing and other methods to break that, but you have to do something.

There are many cases of people being sued by both the RIAA and the MPAA when they are clearly not technologically savvy enough to do so. I believe often these people are the victim of internet hijacking.

My personal method is to literally disable the wireless on the router when it’s not in use. My house is already wired for CAT5 so I do have an advantage in this respect, but yea wired wireless. Speed, security, it’s just better. In this day and age, it’s beneficial to certain file downloaders to hijack someone else’s internet so they bear all the responsibility when the ISP starts sending out warning letters.

Never mind bandwidth throttling, try being brought to trial. D:

Jeff writes, “A few years ago it was easy to find an open one almost anywhere, usually with the default name of Linksys or Netgear. Now it’s far less common. No wireless router that I know of comes with WEP or WPA on, so I assumed the general public was getting slowly educated about security.”

There are something like 20 routers visible to me, most in the form 2WIRE###. ATT had a new deal out for cable over DSL, and apparently the neighbors loved it. If you think the average consumer has little incentive to care about wireless encryption, ATT certainly isn’t caring too hard for them.

Some people have their laptops configured so that it automatically connects to any open WiFi port. Astonishingly, some of these people DON’T EVEN UNDERSTAND WHERE WIFI COMES FROM. It just works in some places, and doesn’t in others. Magic.

A great point – and a valid use of WEP!

I’ve been surprised how many wireless access points are protected these days. A few years ago it was easy to find an open one almost anywhere, usually with the default name of Linksys or Netgear. Now it’s far less common. No wireless router that I know of comes with WEP or WPA on, so I assumed the general public was getting slowly educated about security.

Bruce lives in a very nice neighborhood! THAT is his best security strategy. :slight_smile:

Another thing that you might want to experiment with is to name your network with something like “hackers” or “virus”. The fact that it’s wide open for anybody to enter makes it even more scary.

Don’t lock the doors to your house: it’s trivial for anyone to get in anyway. Keep your blinds open: a determined peeping Tom could look in anyway.

I agree with what people above have said: use the security features of your network, just don’t think they’re perfect.

I use WEP because I want to keep the casual idiot neighbor from (a) stealing bandwidth, (b) downloading illegal or otherwise embarrassing stuff using my internet connection, and (c) providing a modest amount of privacy. I use WEP because I sometimes use an older laptop that doesn’t support WPA well.

I doubt I’m going to attract a serious cyber-attacker going after my WiFi. More likely the casual snoop or bandwidth leech. For those, even WEP is pretty good. I’d guess it’s illegal to break into a secured wireless network (if push came to shove and you needed to take action against an abuser); might be less clear if you ran an open wifi network.

There is NO reason why you shouldn’t use the maximum length WPA password as generated by a random generator (google WPA password generator). A 63 char WPA password is the best you can get with current technology I think.

Hi Jeff,

I have been using passphrases for a few years already; however (especially for enterprise applications) they are often not accepted - password is too weak.

Obviously password “It was beautiful day outside and Tom was happy” is less secure than itf4! :frowning:

I guess I don’t feel so safe. Ahh well, the only thing I run on wifi is one tv laptop and the Wii.

Why can’t we encrypt more of the wifi packet? including the mac and ssid…

Monthly limits are exactly why I want to secure my network.
12 gb limit and above that I pay 1.5 euros for every gb.
So yes, I don’t want my neighbours to use my network.

Didn’t use WAP though (gave problems with vnc…) but I have my router configured to only give ip addresses to the pcs I have via their MAC address. Seems to work fine.

Of course, my neighbours can still sniff my data and there are workarounds for the MAC address but hey, they’re dummies too :wink:

I used WEP and I’m really not that concerned that my desperate housewife neighbors are going to crack my wireless network. I would have to say that even crappy WEP is fine 99.9% of the time.

I just have a mac address whitelist. It keeps the common folk out.

What I’d like is a router that gives the best of both worlds.

  • it would have multiple zones and allow multiple forms of encryption
  • public, old, and private as follows:

Public would be time-limited and/or restricted bandwidth. It also would discourage persistent mooches by tracking MAC addresses. Public zone can’t see any other devices on the network. It can only see the router, and the router could also blacklist or whitelist IPs and domains if you wish.

Old would be for WEP devices that can’t use newest protocols, and ‘old’ can only see private zone computers if enabled on a device-by-device basis. The thinking here is DS-lite and other things that likely don’t need full network access nor a strong key (since WEP is broken anyways), but we don’t want to compromise the security of the entire network for the sake of a few devices that are rarely used.

Private would be the highest level of encryption. Everything in this zone can see each other by default. This is the internal network.

To round this out, the router would have a display showing usage/activity/etc on the front of the unit, and there would be hard buttons to turn any of the zones on or off. The display would be decent, and not just a couple of LEDs with gray on gray text in an 8 point font.

My own 99 quid 3com router is a braindead piece of sheet, needs the occasional reboot, and was a complete hassle to get it working with WPA on my mac. As far as I can tell, router technology hasn’t advanced too much.

My point is we can create a device that gives you reasonable security and choice in a presentable way that even moms and dads can understand.

@Dave: I’m not sure your reasoning is sound in all jurisdictions. Isn’t “I didn’t do it, my wifi was open” a perfect way to defend yourself if you’re accused? Claiming that you didn’t do it when your wifi was protected is much harder to pull off.

Strong passwords and white-listing of MAC addresses are the best you can do for your network. With a MAC white-listing, there is no way someone can access your network. And even if they did, through some magical technology, they’d have to have another petaflop or two to crack the strong password. And even if they could do that within 30 days, I change the password and then they’d have to re-petaflop their cracking algorithm.

Even better, keep an open network as a decoy and another one with strong decryption. Let them access your junk network pointing to copies of MSDOS3.3 and such.

If everything else fails, you can always grab the attacker by the WinSocks :))))))

Just because no one has mentioned it so far:

Steve Gibson has an excellent online strong password generator that is ideal for generating a good WPA password.

https://www.grc.com/passwords.htm