Home wireless networks: Why is everyone still only using WEP?
It always amazes me how some people buy a wireless router for home and just plug it in and setup the basics; no security, default SSID (usually the manufacturers name like Linksys), default user and password (try user: admin, password:admin).
"Hey, I'm set - its works right? I get access to the Internet and I can take the laptop anywhere in the house and still keep on browsing!!"
Yeah, but its not secure mate!! If one of your neighbors is a nefarious hacker or just plain nosey, you're in deep Cleveland Brown, you've left the door open for them to sniff around (no pun intended).
"Yes", you say, "I guess I could use WEP to secure it, most people do. that's good enough isn't it?"
Ah yes, WEP -Wired Equivalent Privacy, or so they thought when it first came out, but not for long as there is an inherent flaw in its design (see discussion below). Do you really just want "good enough" security on your wireless? No, I didn't think so.
So lets read on.
What should I do?
Secure it, and they WON'T come!! So how do you secure it? Simple, most new wireless cards and routers have several security options, WEP (no, no, NO), WPA (WiFi Protected Access) etc. Lets take a quick looksie at which one to use and what else we might or might not do:
SSID - To Hide or not to hide
SSID - Service Set Identifier. That's a fancy name, all it is is the name of your wireless network. That's the name you'll see when you are connecting to the router. I always get asked "Should I hide the SSID?", i.e. stop if from broadcasting so no one knows about your router? No, I don't think so, while it's true most of your non-techie neighbors won't be aware of it, its fairly simple for techies to find it by using some freeware application to listen to the wireless traffic. Personally I don't see any point hiding it, in fact I like to give it a funny name, that way maybe you can start someone's day off with a smile when they're looking for a wireless network to connect to. J
WEP
Oh my, its seems 75% of you still use this, but this is the old security method, been around a while and is pretty easy to crack because of weak WEP headers (initialization vectors - if you sniff enough data at some point the IV is repeated, once you have two packets with the same IV they can be XOR'ed and the result is your WEP key... or something like that).
Bottom-line: DON"T USE IT!!! If your card doesn't support WPA then its time to upgrade your wireless card, its too old.
WPA-PSK
These might not be available as an option if your adapter is old. But, as I said above, if your only option is WEP - it's time to upgrade. WPA-PSK (pre-shared key) is really the one you want to use at home. Why is it better than WEP? Unlike WEP, which uses the same key ALL of the time, WPA-PSK rekeys on a regular basis, so this should stop those pesky hackers getting in, because they won't be able to gather the amount data they need to crack the key like they do with WEP.
Conclusion
OK. So there you have it. If you're not using any security, START!!!, if you're using WEP - STOP IT!! Go that extra step and use WPA-PSK.
Just to make sure, I did say don't use WEP, didn't I? J