In the UK, BT routers come with WEP enabled by default and I suspect many providers do the same. Pretty irresponsible really, and arguably worse than shipping with no security enabled at all.
My recent attempt to switch to WPA went OK for Windows but I failed to get my linux laptop to connect (Ubuntu). I must try again sometime.
I personally would not mind letting other people use my WLAN. Regarding bandwidth, that’s easy: I’d run a Linux router and make it used priority scheduling. Packages of known hosts will get high priority, everything else will get low one. That means other people can use only my idle bandwidth. Whenever I need bandwidth, I will get it, slowing down their throughput, but hey, it’s my network, my bandwidth, I paid for it, so I can use it whenever I want to. However, most of the time I have a lot of idle bandwidth, why shouldn’t other people be allowed to use it? Also I have unlimited traffic, so I don’t have to pay more if other people use it.
The real reason behind securing my WLAN is the German law. Unlike an ISP, who is not responsible for what their users are doing online, courts have decided that if you ran an open WLAN in Germany and other people abuse it (spamming, copyright violation, and so on) you ARE responsible for it. It was done via your account and you could have prevented it (by using an encrypted WLAN), you did not, hence you are responsible for it.
All this talk about whitelisting MAC addresses makes me want to ask: since a MAC address can be configured on pretty much any wireless NIC is this ‘security’ technique truly effective? Or is it something that just adds a minor level of annoyance to someone who wants to hack into a network (similar to protecting with WEP)?
If all cars have no locks, then your car with a lock is much less likely to be stolen
If all cars have locks, then your car with an alarm is much less likely to be stolen
If all cars have alarms, then your car with an immobiliser is much less likely to be stolen
If your WiFi is unprotected then it will get hijacked
If your WiFi is has WEP then it is less likely to get Hijacked
If your WiFi is has WEP with a decent password then it is even less likely to get Hijacked
etc …
The point to take home is that just because you use WEP/WPA/whatever, you’re not secure. Don’t be fooled, with enough resources all wireless is hackable because people can monitor the encrypted traffic.
You are however a little more secure. There’s still a heck of a lot of unencrypted traffic, and someone can sit outside, record your actions, make a note that you’re about to go on vacation for 1 week, leaving flight xyz at 1300, etc.
Someone mentioned their terms of service saying they are responsible. That is different than legally responsible for illegal content. That said, unless you have money to burn, you’re better off not going up against the MPAA legal team justifying their salaries. Regarding the terms of service, you may have still have your account terminated or face a bandwidth bill, and that’s your fault because that’s what you agreed to. You do read the fine print right?
Encryption as a means to ensure you’re not spoofed is a good idea.
When traveling it is nice to hit free wifi and grab my mail, but again I worry about who I’ve connected to. Is it just a honeypot and they’re watching what I’m doing?
Stick with Cat 5
At a place I used to work at, all they had was rubbish WEP, because it’s the lowest common denominator. Literally thousand upon thousands of laptops meant that they couldn’t even conceivably change the password without major effort. The solution was that they regarded the WEP as compromised and had a really good VPN which they did control rather tightly, and all traffic was routed via the VPN. Nothings perfect, but it works. (vss over vpn over encrypted wireless - ouch!)
The only problem I see is that it’s a high barrier to entry to do things correctly. I have a job and a life, and I just don’t have the time to set everything up ‘just so’ to make sure I’m safe. Small companies don’t have a chance either. They can only usually afford some small time hobbyist and hope they know what they’re doing.
This is the point of security. It’s too hard, so you do a few things and hope for the best.
the incontrovertible mathematical guarantees miss the point
no they are actually just wrong. there is no water tight mathematical guarantee that any encryption is secure. it is breakable by default, or else you can’t decrypt it…
this has always been the case and always will be, its trivially provable.
now as to the amount of time it takes to crack… that can be analysed and used as an /indicator/ as to how quickly a given encryption can be cracked.
ultimately anyone who says security method x is unbreakable for the next y years is wrong by default. and forgot a whole load of common sense before using their fancy theories… or they understood this and missed the importance of careful wording.
I leave my home network open. The chances of my neighbors being highly skilled hackers is next to zero, and even if one moves in or visits without my knowing it, there isn’t much exciting or incredibly sensitive on my machine in any case. The worst that can happen is they maliciously screw up my computer, but I have regular daily backups, and believe enough in human nature that if I label my network FreeWifi, only a total prat will feel the need to cause damage.
So the main threat is my neighbor using too much bandwidth with torrents, etc. That hasn’t happened in the 6 or so years I’ve left my connection open, and if it one day does, then I’ll just lock it, or set a limit the bandwidth for outsiders (the fon network works like this). No big deal.
I also travel a lot, and it’s an incredible pain in the ass to have to pay (and register through some incredibly slow, clumsy process with an incomprehensible UI) for a new wifi hotspot at every damn place I stop. I am overwhelmed by gratitude anytime I find an open network so I can quickly check on some things on the web before moving on. What goes around, comes around, and some generosity on everyone’s part would make everyone have to pay less and be less frustrated with web access when not at home.
I’m not at all an expert in security and cryptography, but what about WPA2? Is it much more secure by itself than WPA?
My WiFi network at home is WPA2-encrypted. I’m using Windows Vista and Ubuntu computers. I’ve noticed that Windows XP computers can’t connect to it, because WinXP does not support WPA2.
Advanced people miss the point on this. I know enabling one of these protocols isn’t stopping another advanced hacker. It’s stopping my neighbors from accidentally or even intentionally using my wireless network. Most of my neighbors have computer literacy rates slightly above your average 60 year old. Do you lock your front door to keep out lock-pickers and safe-crackers?
Jheriko,
actually there is one encryption that is provably uncrackable, given some prerequisites:
http://en.wikipedia.org/wiki/One-time_pad
Unfortunately, it is somewhat impractical to use.
My No Wires setup at work and at home…
This is why I use WPA-2 and I also use MAC filtering. I have an unusually long passphrase that includes numbers and symbols within words, I also do not broadcast my SSID. I like to think that my set up is secure. I have tried to hack my own network using a laptop that was not on the MAC address list. I was not able to connect. In fact, most wireless software did not even see my network in the first place. I live in a city and there are always at least 5 other networks availabe. I believe the difficulty one would have in gaining access to my network would be enough to keep them from trying. I think they would be more likely to suck the bandwidth from one of the other people who have no security or WEP on thiers.
@mikeb: MAC is likely a major annoyance because you have to guess it to crack it. It is effectively the first line of defense. If that line of defense fails, then you have the strong password which is not very crackable.
Check out the book called Wi-Foo which is a very interesting read on Wardriving and network security. And a very in-depth read too.
The shift in focus from coding issues to management issues simply shows that you are grasping the bigger picture. I suspect that you would have been middle management in a few years.
Just a comment. 
Security is a hard one - speaking frankly, a truly secure organization will intimidate most employees who are used to many privileges which are easily exploitable. Adding on to that, bioengineering techniques are both appallingly easy to utilize. Security is largely a bit of an illusion… but still a necessary illusion.
Though a determined industrial hacker will probably get in, they’re pretty rare and most companies wouldn’t have the budget to stop them anyway - they’re essentially a risk of doing business like fire or professional indemnity. The majority of security is for deterring both amateur and employee thefts… and I’d even say it’s right up there with the broken window mentality: if people see a booth with a security guard in it, they immediately know that the building is cared for and protected. If there is an IT policy paper, they understand that the IT care for their IT systems - even if that IT policy is a bit hard to work with. The absence of physical and digital security or checks and balances like auditing gives people who encounter it a sense that no one cares.
A very interesting thread/discussion for a change. I found decoy networks and honey pots to be very effective in fighting intruders.
How do you build a honey pot? You can google it.
I’m sorry, but I’m going to have to disagree. Even if WEP/WPA can be cracked easily, it’s still better than nothing. If someone is sitting outside my house with a laptop and sees four or five wireless networks available, chances are he will connect to the one with no security. If I got WEP turned on, even with a weak password, chances are he will connect to my neighbor’s network because it’s not locked down.
Tell me, wouldn’t you see more spam in the comments if you took the orange captcha off?
But I think I get it. Security is a tough problem. If you take the
option of mindlessly flipping a WPA or WEP switch off the table,
you’re now forced to think more critically about the security of
(sigh) No, you don’t get it.
Bruce said his reason right at the top:
To me, it’s basic politeness. Providing internet access to guests
is kind of like providing heat and electricity, or a hot cup of
tea. But to some observers, it’s both wrong and dangerous.
He then goes on to explain why he thinks its neither, but that explanation is not really the point. The above statement is.
Sure, your ISP wants you to lock down your wireless network. For that reason, they do everything they can to get you all worked up about wireless security. Their worst nightmare is for every neighborhood to have only 2 or 3 generous people providing access for everyone else. Its a matter of money to them.
But what does it profit you to do that work for them? Except in some rather unlikely scenarios, not a thing.