Much has been touted about the increased encryption available via WPA.

However, in my experience Router Manufacturers continue to promote WEP for networks that include Windows XP machines.

What has been your experience?
What have you been advises, if you consulted your Router manufacturer?

Thanks in advance for your feedback.

Note:
Whichever alternative you select for your own network, please know that password protected encryption for your wireless is very important.
And please give your Router a new name and strong password to discourage remote attackers as well as to foil visitors with physical access.

Doug

Hi Doug,
I come across lots of folks with no encryption on their wireless signal at all........

I point out the error of their ways and recommend that the default router log in password be changed to something more secure as a matter of urgency and that the signal be encrypted immediately.

Some folks seem to think that this is a cunning plan that I use to hike up my charges............ so then I often have to fire up my trusty laptop and ask them if I have their permission to connect wirelessly to the Internet using their router. When I'm connected (about 20 seconds after boot up has completed) and I tell them I could now start to download illegal material and it would be them that the authorities start chasing first...they tend to change their tune.........

Often they are using older routers, (and wireless access points) that cannot handle WPA but only use WEP (even with a firmware upgrade) so I explain , simply as possible some of the details,.......and the differences with various types of encryption and when their eyes begin to glaze over for the second time.........its sometimes best for me to just set up the strongest encryption that their equipment will run (often 128bit WEP encryption) and leave them with my standard letter "Risk Statements" (which they have to sign and return one copy to me, before I'll do the work) that sets out my recommendations for stronger encryption.....I'm just covering my back really by doing it this way.

With my own Router/WAP, I use WPA2 , with a reasonably strong password ...............its sufficiently strong to defeat a standard brute force or "dictionary attack" (fingers crossed!) However When testing WAP for customers on my workshop ADSL I'm happy to use WPA (TKIP)
I don't suppress the SSID broadcast or use MAC filtering as I believe the real strength lies in the encryption and physical security of the apparatus.

However as I always tell my customers, "with enough resources and incentive, practically any home system can be cracked if physical access to the apparatus can be obtained"

Just my 2 cents worth (or in my case ) 5 Bobs worth!
Regards
paws

Hi Paws,

Well your post was most informative I must say, and I would call it many English pounds worth.

My network was set up by a genius like you describe you do for your clients, but in any event, I wouldn't mind if you lived around the corner from me for checking purposes.

Congratulations too, I see a little purple in your status these days....well done and very much well deserved.

kind regards,

This is an interesting topic. My mom lives in a rather affluent neighborhood. It is a small sub-division with only about three "main" streets in it. I got bored once and took my laptop in the car with me and drove through her neighborhood scanning for wireless networks. In only a few minutes I had nearly 25 unencrypted wireless networks at my fingertips. I pulled up in front of the house of 6 of them and logged into their routers with default passwords on 5 of them. I went one step further (I'm such a trouble maker) on one router and changed their admin password then setup remote management access. I recordered their current public IP address, drove home, and then logged into their router over the internet, dropped their computer into a DMZ and began to port scan it for vulnerabilities. Ofcourse, I didn't do any real damage to anything, but I wanted to see if it could be done. Proof of concept, you know.

I went on a trip to New York to the West Point military base with a group of network security students for a college program we were involved in. On the way back I was using my laptop and we got stuck in a traffic jam on the express way. So, I fired up my network stumbler and began pulling up networks located in houses off the express way. I was able to login to the routers with default passwords and change the admin password (I wanted them to be secure) before the cars moved too far to get a signal. Needless to say, as ridiculous as it was, we were all tickled pink being we were on a trip strictly for network security.

These are great stories of why people should encrypt their networks. Most people are happy if they can just get the router plugged in and working. If the network is called "Linksys" they could care less. I'm not a malicious person, but many people may be. If I wasn't such a nice guy I would shutdown peoples internet connections and leave flyers for my business in their mailboxes (they would just think I was blanketing the neighborhood).

Since Windows XP Service Pack 2, windows has natively handled WPA encryption, and this is the standard I use. WEP, even 128bit, can be cracked after sniffing enough packets. WPA is probably still insecure in some ways, but I feel sufficiently secure using this. This is the standard I use for all my customers because it is natively supported in Windows XP SP2. The newer encryption technology requires that the manufacturer's (of the wireless adapter) software be installed and I am totally against installing any third party software I don't have to. If Windows does it, then I let Windows do it, period. Windows' wireless zero configuration works flawlessly, and those third party apps are nothing but bulk, junk or unnecessarily confusing trouble.

Appleoddity,



I couldn't agree with you more!
I do a "very" small amount of customer service, but much of it is grief induced when folks get tangled up with their DSL access or small home/business network.

I hate those bloated CD's that the telephone company sends with the customer's DSL modem, to "help" them walk through the installation.
Router installation, same thing... Throw away the dang disk.

And then the Router phone support is scripted to persuade customers to use WEP over WPA, leaving them less secure.
Why? Just because it's easier? More likely because the Router support service hasn't updated there help menu since before SP2.
End of rant.

Hi appleoddity,good to hear from you, and yes isn't it amazing how many unprotected networks there are about.

I'm not sure of the rules in your jurisdiction ......but in mine (UK) logging into someone's router and or computer without authorization.....can lead to 6 months in the slammer + a fine at level 5.....currently £7500 (GBP) around (USD) $11,250...

Having said that I don't think too many folks (over here anyway) have been caught yet.... or if they have, perhaps they have just been cautioned, by the Authorities rather than prosecuted
Regards
paws

It is not the intent of this help forum to resolve or advise on legal issues for which any local user may be held accountable in matters of either civil or criminal law in their jurisdiction. Nor do we condone by advice or example any conduct that is restricted or prohibited by law.

Rather, it is our purpose to assist members and readers to better manage and secure their own computers and networks such that their own practices insure best possible safe, legal, and successful use of their own equipment.
______________________

As to the topic of accidentally, opportunistically or intentionally gaining access to WiFi internet connection, the activity is casually known as "leeching". The term refers to a creature commonly found in nature, usually in a body of water, which attaches itself to the body of a host animal for the purpose drawing nutrient substance from the blood of the host. While, in medical application, there may be beneficial applications known for the use of "leeching", most common thought and experience deems the idea of becoming personally infested with such creatures to be disgusting, dangerous and to be avoided. In that regard, the internet community has aptly termed the use of internet access that doesn't belong to the user as exploitative in a disgusting and dangerous fashion... leeching.

Think of it this way...
If the front door of a house is open ,you have no right to wander in. And if you take something it's a crime.

An open access point is like an open front door. If you use the access point to get onto the Internet, someone has to pay for the bandwidth - either the owner of the access point or their ISP. Something is being "taken". And if "taken without permission" could be considered a crime.

If you have a WiFi card and connect via another person's access point/internet connection, it would be pretty easy to convince a law enforcement authority that you've done something wrong.
___________-

For the reader's information, there are laws in the United States and most other jurisdictions world-wide that apply to this topic.
The initial law here in the United States appears to have been drawn up as a matter of national security in 1985. Reference to this legal body of information can be seen at: http://www4.law.cornell.edu/uscode/html/us...30----000-.html
WTT makes no claim as to the reliability, accuracy or application of this information as it relates to the readers own legal jurisdiction.

Most States have crafted their own civil and criminal legislation on the topic, to which the reader should refer in their own specific case.
_______________

Interestingly, various businesses have widely differing attitudes and practices regarding the practice of "leeching".
For instance, in the travel/tourist trade some hotel/motel chain have found that making unrestricted wifi access available, actually draws potential customers to stay at their lodging, and may in some cases promote the free use of wifi connection as a way of attracting business from passers-by on heavily traveled highways.
In some other instances, residential apartment owners have resorted to offering free wifi access as a feature of their contract much like availability of cable-tv or exercise and pool facilities. Apparently, the practice of "leeching" from nearby apartment neighbors became so common and annoying to residents that some apartment owners gave in and decided to make wifi available to all of their residents openly, instead of condoning one neighbor leeching from another.
And finally, there is the matter of the source ISP. Some ISP's have apparently supported free access sharing, while others take a highly restrictive attitude towards use of their bandwidth.

There are instances of individuals who have been prosecuted for "leeching", and the news has picked up on cases in States of Maryland, Michigan and Florida. Other states, no doubt, have cases on the books.

It may come down to this:
Leeching happens.
You as the owner of an internet connection have an interest in how that connection, which you are paying for, is used.

Password protect your Router.
Encrypt your wireless broadcast.
Stay safe, rather than become sorry.

Best Regards

Defeating WEP is almost trivial. WPA better, WPA2 the best. However, even WPA2 is easily defeated when people don't change the router's default user/password. Which very few people seem to do.

What many people don't realize is that they're responsible for any content that passes through their IP address. Whether that's simply leaching bandwidth, pirating music, or downloading kiddie porn. Not to mention it's easy to sniff usernames and passwords on unsecured networks (banking, intranet access, site login, etc). If they have file and printer sharing enabled, they've left all their files and folders available for anyone to view. Private documents, photos, proprietary info, etc.

Our policy here? We don't offer any help, or allow discussion regarding bandwidth leeching or access to wireless networks. We do help people to secure their wireless networks.

1. Secure the wireless router by changing the default username and password.
2. Enable WPA/WPA2. Router only has WEP? Upgrade.
3. Use secure passwords.