Possible to make WEP secure?

Discussion in 'Wireless Networking' started by Ari, Mar 7, 2006.

  1. Ari

    Ari Guest

    I am using a WEP wireless modem that does not have the ability to do
    WPA.

    I have my file sharing turned off on the wireless computer (laptop)
    and use it in my home only. I have no interest in connecting computers
    together to share files, it's strictly a wireless internet
    connectivity setup.

    Is there any way to secure the data that passes over the wireless so
    that it is not available to hackers without buying a different router?
    I want the data that I send over the air to be relatively secure and I
    want to make sure no one accesses my system via the wireless.

    Thanks,

    A
    Ari, Mar 7, 2006
    #1
    1. Advertising

  2. Hi

    When the connection is a direct connection between a Wireless Router and a
    computer there is No other ways to add security against sniffing the Signal.

    Braking WEP is possible but it is not like every "Joe" can do it at any
    moment at his own will, after all, it was the only encryption available for
    Entry Level Wireless for few years.

    It takes time to sniff the amount of packets that are needed to break the
    WEP. You can decrease the likelihood of a Security Bridge by frequent
    changes of a Strong Encryption key.

    Otherwise, if security is really a big concern, a WPA capable Wireless
    Routers can be found on sale for less then $30.

    Jack (MVP-Networking).



    "Ari" <> wrote in message
    news:...
    >I am using a WEP wireless modem that does not have the ability to do
    > WPA.
    >
    > I have my file sharing turned off on the wireless computer (laptop)
    > and use it in my home only. I have no interest in connecting computers
    > together to share files, it's strictly a wireless internet
    > connectivity setup.
    >
    > Is there any way to secure the data that passes over the wireless so
    > that it is not available to hackers without buying a different router?
    > I want the data that I send over the air to be relatively secure and I
    > want to make sure no one accesses my system via the wireless.
    >
    > Thanks,
    >
    > A
    >
    Jack \(MVP-Networking\)., Mar 7, 2006
    #2
    1. Advertising

  3. Ari

    James Gockel Guest

    In addition to what jack said, that WEP is secure enough for common home
    use... not secure for office use with alot of computers because of the way
    it can be broken. If you only have one or two, even ten, computers on a
    wireless network, for some sniffer (can't really call it a hacker) to get
    the wep password would take probably the better part of a year. Every day in
    front of your house, with his computer, logging every encrypted packet.
    Hoping to get enough to break the code. Where in an office environment with
    40 to 50 computers, that can be achived faster within a few days.
    Anyway, the next point is that you should check to see if there are firmware
    upgrades for your router, with a new revision you may get some features that
    originally werent available.
    And then third of all, if you're really paranoid, you should look into
    tunneling software or proxy servers, where you can encrypt the data itself,
    and you're paying for the security.
    In the end, 90% of all the stuff you do at home on a wireless network
    shouldn't cause you to be so paranoid... you're more at risk of having a
    virus or spyware attach itself to your machine and seeing what you do.
    Personally I have WEP turned off on my home network (it slows things down
    and for some reason causes poor connections), because I know I can tell if
    someone has hacked our network, I live in a busy city area where even after
    1 and a half years, still not compromised.
    A better way to secure yourself even with WEP on, is turn off the BSID (aka
    ssid) this way no avarage person can just walk around with a laptop and say
    oh look here's so-and-so's wireless. But if you're using windows wireless
    configurator, as far as I know, you can't connect to networks with the bsid
    turned off. grr!

    -James G.


    "Ari" <> wrote in message
    news:...
    >I am using a WEP wireless modem that does not have the ability to do
    > WPA.
    >
    > I have my file sharing turned off on the wireless computer (laptop)
    > and use it in my home only. I have no interest in connecting computers
    > together to share files, it's strictly a wireless internet
    > connectivity setup.
    >
    > Is there any way to secure the data that passes over the wireless so
    > that it is not available to hackers without buying a different router?
    > I want the data that I send over the air to be relatively secure and I
    > want to make sure no one accesses my system via the wireless.
    >
    > Thanks,
    >
    > A
    >
    James Gockel, Mar 7, 2006
    #3
  4. Ari

    Ari Guest

    Thanks to both you and Jack.

    However, I am not inspired by WEP's 'security'. I read about the FBI's
    public demonstration of cracking a 128 bit WEP encoded key in 3
    minutes flat. Although the people manning the monitoring computer were
    professionals::> But, every bit of the software they used was freeware
    and widely available as was the receiver used to monitor with.

    Perhaps you'd entertain an additional question......

    If I have file sharing turned off on both computer's network settings,
    can a hacker do any harm even if the data is unencoded (besides the
    info he/she can pick up by passive monitoring)? Please keep in mind
    that my computers are NOT networked for the purposes of sharing or
    exchanging data between them.

    I know encrypted data that web browsers use is considered safe, and it
    can be sent over unsecured links....it just seems odd that there isn't
    a practical way to use older WEP capable wireless links today.

    Regards,

    A


    On Tue, 07 Mar 2006 11:32:44 -0500, Ari <> wrote:

    >I am using a WEP wireless modem that does not have the ability to do
    >WPA.
    >
    >I have my file sharing turned off on the wireless computer (laptop)
    >and use it in my home only. I have no interest in connecting computers
    >together to share files, it's strictly a wireless internet
    >connectivity setup.
    >
    >Is there any way to secure the data that passes over the wireless so
    >that it is not available to hackers without buying a different router?
    >I want the data that I send over the air to be relatively secure and I
    >want to make sure no one accesses my system via the wireless.
    >
    >Thanks,
    >
    >A
    Ari, Mar 7, 2006
    #4
  5. Ari

    James Gockel Guest

    Ok, here's the real poop, as far i know it.
    The way that it can only be cracked is by one specific packet that sends the
    one single part of the wep key unecrypted. If that one packet (which is
    rarely transmitted on a home network) is sent enough times, litterally
    thousands, the key can be decyphered. On a business network where different
    kinds of packeting and more complex systems are used, this one unecrypted
    packet can be transmitted hundreds of times a day... where on a home system
    you're lucky if it's sent once a day. (where also in that FBI demo, they
    probably set up for that packet to be transmitted constantly...)
    Yes, it can be monitored if that person wanted to buy a $200 wireless card,
    and a good computer system to do the work. But you're likelyness of someone
    even thinking of hacking your network is slim to none, and slim left town!
    Especially when they can drive down the road they can hack into a insecure
    one and do whatever they want!! To be brutally honest, you're just paranoid.
    Second off, like you mentioned, anything you do online, like purchasing, if
    it's site is secured, then you're safe there! And nothing to worry about.
    Third, to answer you most important question, if someone did hack into your
    network, and you had all your sharing shut off, you're pretty much safe.
    Although, windows xp pro machines have (had) shared for administrative use
    (I think) that if you didnt have an admin password, they were open. If you
    really think you need more security, look into software firewalls... this'll
    only stop anything from people on the network from hacking your machine or
    at least let you know if something is happening. But in most cases people
    don't need personal software firewalls because the router can do this for
    you, between you and the internet.

    Lastly, No one is going to hack you or even bother trying to hack if you're
    using WEP... it's too time consuming, and unless you had Top Secret data,
    there is nothing to worry about.

    -James G.



    "Ari" <> wrote in message
    news:...
    > Thanks to both you and Jack.
    >
    > However, I am not inspired by WEP's 'security'. I read about the FBI's
    > public demonstration of cracking a 128 bit WEP encoded key in 3
    > minutes flat. Although the people manning the monitoring computer were
    > professionals::> But, every bit of the software they used was freeware
    > and widely available as was the receiver used to monitor with.
    >
    > Perhaps you'd entertain an additional question......
    >
    > If I have file sharing turned off on both computer's network settings,
    > can a hacker do any harm even if the data is unencoded (besides the
    > info he/she can pick up by passive monitoring)? Please keep in mind
    > that my computers are NOT networked for the purposes of sharing or
    > exchanging data between them.
    >
    > I know encrypted data that web browsers use is considered safe, and it
    > can be sent over unsecured links....it just seems odd that there isn't
    > a practical way to use older WEP capable wireless links today.
    >
    > Regards,
    >
    > A
    >
    >
    > On Tue, 07 Mar 2006 11:32:44 -0500, Ari <> wrote:
    >
    >>I am using a WEP wireless modem that does not have the ability to do
    >>WPA.
    >>
    >>I have my file sharing turned off on the wireless computer (laptop)
    >>and use it in my home only. I have no interest in connecting computers
    >>together to share files, it's strictly a wireless internet
    >>connectivity setup.
    >>
    >>Is there any way to secure the data that passes over the wireless so
    >>that it is not available to hackers without buying a different router?
    >>I want the data that I send over the air to be relatively secure and I
    >>want to make sure no one accesses my system via the wireless.
    >>
    >>Thanks,
    >>
    >>A
    James Gockel, Mar 7, 2006
    #5
  6. Ari

    Ari Guest

    Thanks James,

    Read your entire message and appreciate that you took the time to give
    me the information, thank you.

    The system here is a router with hardware firewall and each computer
    had Zone Alarm Free version. Without any software firewall running,
    the router firewall blocks everything is stealth'd on ALL ports.

    All of our computers get scanned one a week for spyware using spybot
    and ad-aware.

    We use AVG free virus scanner.

    Outlook, Outlook Express, MSN and Windows Messenger are removed from
    our hard drives.....they won't even get started by 'accident'.

    No software gets internet access unless it actually needs it, Bill's
    media player doesn't catalog my music or download album covers or
    organize playlists. It also doesn't acquire DRM licenses
    automatically::> No software gets automatic internet access except for
    Windows Update, the virus scanner, Eudora, Agent and a very few
    others.

    We removed Bill's Office suite, and now run Open Office.

    Internet Explorer has java script and activeX completely
    disabled....and, we use Firefox, not IE. IE is there because Bill
    Gates OS won't run without it. We use Eudora and Free Agent for email
    and newsgroup browsing.

    I'm thinking about removing the flash player, it seems to be almost
    exclusively used for third party advertising on websites anyway::>

    Real Audio and some other similar media type players have been
    removed, the scandal where Real Networks got caught red handed
    collecting data on users musical preferences as a basis for targeted
    advertising is still fresh in my mind::> Perhaps not a serious
    security risk, but certainly the music and audio/video I watch online
    or in my house is my business, and no one else's --your mileage might
    vary.

    The wireless network has file sharing disabled (in the properties for
    it).

    The desktop (hardwired to the router) has file sharing disabled in the
    LAN setup.

    The 'guest' account was renamed after creating another account, issued
    a strong password and then it was deleted.

    The sole administrator account is never logged in while connected to
    the internet. It uses a name other than admin or administrator. For
    example, it's name might be something like 'Chief1' or 'the_boss'.
    Password is VERY VERY strong.

    All users, including myself have strong passwords and are required to
    log in, but we have only limited privileges. None of the users have
    guess-able names, all names are at least 6 characters in length...for
    example, my user name isn't Ari, but it might be something like aarrii
    or iira11 or ..ari//.

    I'd like the wireless to be WPA, but, as you say I might be
    paranoid::> Acknowledged. Providing multiple hoops that intruders have
    to overcome to get into the system seems to be the standard
    practice-I'd like to have WPA be another barrier if possible. I'd like
    to have WPA2, but it seems a little premature at this time, I just
    read where Microsoft didn't even release WPA2 capable drivers until
    March of last year, and WPA2 routers are not exactly common even now.

    We have no top secret stuff on our system, but we take our internet
    seriously...especially the risks that we can control. My nine year old
    daughter is more internet savvy than all of the other kids in her
    class put together.

    If that's paranoid, well, then I guess I'm paranoid::>

    Again, thanks very much for taking the time to enlighten me regarding
    the wireless security issue.

    Regards,

    A



    >Ok, here's the real poop, as far i know it.
    >The way that it can only be cracked is by one specific packet that sends the
    >one single part of the wep key unecrypted. If that one packet (which is
    >rarely transmitted on a home network) is sent enough times, litterally
    >thousands, the key can be decyphered. On a business network where different
    >kinds of packeting and more complex systems are used, this one unecrypted
    >packet can be transmitted hundreds of times a day... where on a home system
    >you're lucky if it's sent once a day. (where also in that FBI demo, they
    >probably set up for that packet to be transmitted constantly...)
    >Yes, it can be monitored if that person wanted to buy a $200 wireless card,
    >and a good computer system to do the work. But you're likelyness of someone
    >even thinking of hacking your network is slim to none, and slim left town!
    >Especially when they can drive down the road they can hack into a insecure
    >one and do whatever they want!! To be brutally honest, you're just paranoid.
    >Second off, like you mentioned, anything you do online, like purchasing, if
    >it's site is secured, then you're safe there! And nothing to worry about.
    >Third, to answer you most important question, if someone did hack into your
    >network, and you had all your sharing shut off, you're pretty much safe.
    >Although, windows xp pro machines have (had) shared for administrative use
    >(I think) that if you didnt have an admin password, they were open. If you
    >really think you need more security, look into software firewalls... this'll
    >only stop anything from people on the network from hacking your machine or
    >at least let you know if something is happening. But in most cases people
    >don't need personal software firewalls because the router can do this for
    >you, between you and the internet.
    >
    >Lastly, No one is going to hack you or even bother trying to hack if you're
    >using WEP... it's too time consuming, and unless you had Top Secret data,
    >there is nothing to worry about.
    >
    >-James G.
    >
    >
    Ari, Mar 8, 2006
    #6
  7. Hi
    Bear in mind that though the same word Security is used to describe Secure
    Internet Connection and Secure Wireless from a Computer functioning
    perspective there is No relation between the two.
    Wireless Security has Nothing to do with securing the Internet Connection.
    Wireless is just a replacement for a Wire and thus can be intercepted by
    people in the neighborhood attaching them self to your Signal and use your
    LAN and your LAN's Internet Connection. To avoid Local Tapping there are
    Wireless Security measures. These measures are unique to the Wireless
    components, and have to be used even if there is No Internet Connection.
    These short pages describe the basic principles of functional Wireless
    Security.
    Wireless Security - http://www.ezlan.net/Wireless_Security.html
    WEP, WPA, WPA2 - http://www.ezlan.net/wpa_wep.html
    Network Segregation - http://www.ezlan.net/shield.html
    Cable/DSL Router Hardware NAT and Firewall/AntiVirus/AntiSpy applications
    are the ones that protect the Internet connection from being
    invaded/infested, and preventing your LAN computers (Wired and Wireless)
    from transmitting out to the Internet privileged information.
    All the computers (as a Network) would have basic Internet protection by
    using a Cable/DSL Router. In addition, each computer on your Network that
    has access to the Internet should have its own Internet Connection
    protection regardless of whether it uses Wire or Wireless.
    Internet -Basic protection: http://www.ezlan.net/firewall.html
    Assemble Freeware Security suit for Internet Connection:
    http://www.ezlan.net/security.html
    Jack (MVP-Networking).



    "Ari" <> wrote in message
    news:p...
    > Thanks James,
    >
    > Read your entire message and appreciate that you took the time to give
    > me the information, thank you.
    >
    > The system here is a router with hardware firewall and each computer
    > had Zone Alarm Free version. Without any software firewall running,
    > the router firewall blocks everything is stealth'd on ALL ports.
    >
    > All of our computers get scanned one a week for spyware using spybot
    > and ad-aware.
    >
    > We use AVG free virus scanner.
    >
    > Outlook, Outlook Express, MSN and Windows Messenger are removed from
    > our hard drives.....they won't even get started by 'accident'.
    >
    > No software gets internet access unless it actually needs it, Bill's
    > media player doesn't catalog my music or download album covers or
    > organize playlists. It also doesn't acquire DRM licenses
    > automatically::> No software gets automatic internet access except for
    > Windows Update, the virus scanner, Eudora, Agent and a very few
    > others.
    >
    > We removed Bill's Office suite, and now run Open Office.
    >
    > Internet Explorer has java script and activeX completely
    > disabled....and, we use Firefox, not IE. IE is there because Bill
    > Gates OS won't run without it. We use Eudora and Free Agent for email
    > and newsgroup browsing.
    >
    > I'm thinking about removing the flash player, it seems to be almost
    > exclusively used for third party advertising on websites anyway::>
    >
    > Real Audio and some other similar media type players have been
    > removed, the scandal where Real Networks got caught red handed
    > collecting data on users musical preferences as a basis for targeted
    > advertising is still fresh in my mind::> Perhaps not a serious
    > security risk, but certainly the music and audio/video I watch online
    > or in my house is my business, and no one else's --your mileage might
    > vary.
    >
    > The wireless network has file sharing disabled (in the properties for
    > it).
    >
    > The desktop (hardwired to the router) has file sharing disabled in the
    > LAN setup.
    >
    > The 'guest' account was renamed after creating another account, issued
    > a strong password and then it was deleted.
    >
    > The sole administrator account is never logged in while connected to
    > the internet. It uses a name other than admin or administrator. For
    > example, it's name might be something like 'Chief1' or 'the_boss'.
    > Password is VERY VERY strong.
    >
    > All users, including myself have strong passwords and are required to
    > log in, but we have only limited privileges. None of the users have
    > guess-able names, all names are at least 6 characters in length...for
    > example, my user name isn't Ari, but it might be something like aarrii
    > or iira11 or ..ari//.
    >
    > I'd like the wireless to be WPA, but, as you say I might be
    > paranoid::> Acknowledged. Providing multiple hoops that intruders have
    > to overcome to get into the system seems to be the standard
    > practice-I'd like to have WPA be another barrier if possible. I'd like
    > to have WPA2, but it seems a little premature at this time, I just
    > read where Microsoft didn't even release WPA2 capable drivers until
    > March of last year, and WPA2 routers are not exactly common even now.
    >
    > We have no top secret stuff on our system, but we take our internet
    > seriously...especially the risks that we can control. My nine year old
    > daughter is more internet savvy than all of the other kids in her
    > class put together.
    >
    > If that's paranoid, well, then I guess I'm paranoid::>
    >
    > Again, thanks very much for taking the time to enlighten me regarding
    > the wireless security issue.
    >
    > Regards,
    >
    > A
    >
    >
    >
    >>Ok, here's the real poop, as far i know it.
    >>The way that it can only be cracked is by one specific packet that sends
    >>the
    >>one single part of the wep key unecrypted. If that one packet (which is
    >>rarely transmitted on a home network) is sent enough times, litterally
    >>thousands, the key can be decyphered. On a business network where
    >>different
    >>kinds of packeting and more complex systems are used, this one unecrypted
    >>packet can be transmitted hundreds of times a day... where on a home
    >>system
    >>you're lucky if it's sent once a day. (where also in that FBI demo, they
    >>probably set up for that packet to be transmitted constantly...)
    >>Yes, it can be monitored if that person wanted to buy a $200 wireless
    >>card,
    >>and a good computer system to do the work. But you're likelyness of
    >>someone
    >>even thinking of hacking your network is slim to none, and slim left town!
    >>Especially when they can drive down the road they can hack into a insecure
    >>one and do whatever they want!! To be brutally honest, you're just
    >>paranoid.
    >>Second off, like you mentioned, anything you do online, like purchasing,
    >>if
    >>it's site is secured, then you're safe there! And nothing to worry about.
    >>Third, to answer you most important question, if someone did hack into
    >>your
    >>network, and you had all your sharing shut off, you're pretty much safe.
    >>Although, windows xp pro machines have (had) shared for administrative use
    >>(I think) that if you didnt have an admin password, they were open. If you
    >>really think you need more security, look into software firewalls...
    >>this'll
    >>only stop anything from people on the network from hacking your machine or
    >>at least let you know if something is happening. But in most cases people
    >>don't need personal software firewalls because the router can do this for
    >>you, between you and the internet.
    >>
    >>Lastly, No one is going to hack you or even bother trying to hack if
    >>you're
    >>using WEP... it's too time consuming, and unless you had Top Secret data,
    >>there is nothing to worry about.
    >>
    >>-James G.
    >>
    >>
    Jack \(MVP-Networking\)., Mar 8, 2006
    #7
  8. Ari

    netsecure2010

    Joined:
    Apr 8, 2010
    Messages:
    1
    It Depends

    This all depends on the required security.
    WEP is broken, and MAC filters and SSID hiding are next to useless.
    Remember, however, that many people in your area also use WEP or worse, no security at all. Therefore, attackers would first have to choose your network to crack, before the actual cracking takes place.
    -If you are trying to keep your home network secure, than it just might be enough.
    -If you were protecting a business, then a hardware upgrade to WPA/WPA2 is in order.
    -If you were protecting a government network, then nothing but a hard wired network is secure enough. :D :D
    netsecure2010, Apr 8, 2010
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page