A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

WEP keys, beyond WEP?



 
 
Thread Tools Display Modes
  #1  
Old September 1st 04, 11:45 AM posted to uk.telecom.broadband
Chris Comley
external usenet poster
 
Posts: 41
Default WEP keys, beyond WEP?

(Peter) wrote:

The HP laptop can do just 64-bit WEP.


Can you find out if a firmware or software upgrade will allow the HP
to do 128bit WEP? Or failing that, swap the card for one which can?

What solutions are there for greater security, which can be installed
on a laptop?


WPA is the next generation. With WPA, the WEP key is automatically
changed ever couple of hours, so anyone who's trying to crack it will
have to start over. The "key" that the WPA system uses to transfer the
new WEP key around the lan is still short, but as the amount of data
you send using the key is much smaller (i.e. just the new WEP keys,
not your whole data stream) then it provides a far less crackable
target. (The point here is that any encyption scheme is crackable if
you have *enough* sample encrypted data which uses the same key,
compared to the size of the key. Send a couple of gigabytes of data
using a 128bit key, then it's just a number crunching exercise to
derive the key.)

BUT if you can't even support 128bit WEP keys on some of your kit, you
are unlikely to have WPA capability. If you need the security, you
probably need to upgrade all the hardware.


The only route you may have to more security using the current
hardware is to put the wireless base station *outside* your firewall,
and then use a VPN connection from the wireless client to access
systems inside the firewall. Use DES3 or better encryption on the VPN
link, with a tunnel refresh time as short as you can live with (the
default is 8 hours, drop it to 2, but every two hours there will be a
slight "pause" in VPN traffic as the tunnel key is re-created and
restarted).

I realise that if I spend long enough connected at 64-bit WEP then the
key will get cracked sooner.


Same is true of a 128 bit key - just takes the cracker a little
longer.

Any advice much appreciated.



One last trick. Your wireless access point may have, in addition to
WEP, the facility to limit access to your wireless network by MAC
address. List the MAC addresses of your valid devices in there and
block any others. It's not foolproof (MAC addresses *can* be faked)
but it's one more layer on your security onion.

A big questoin you need to ask yourself is - how likely is it someone
is *trying* to crack your wireless network? Are you a "target"? i.e.
do you have lots of sensitive information that someone may know you
have? Or are you just taking "normal precautions" against casual
sniffing? What's your physical environment? If you live in a large
house with a big garden the chances of anyone being near enough to
pick up your waves are slim. If you live in a block of flats then the
chances are your WiFI lan is radiating to the flats of several of your
neighbours. How many of your neighborus have teenage kids who may have
nothing better to do than see if they can crack your lan?


---
Wizards Ltd
www.wizards.co.uk
UK supplier of Sonicwall, Watchguard, Zywall.
  #3  
Old September 2nd 04, 11:32 AM posted to uk.telecom.broadband
Chris Comley
external usenet poster
 
Posts: 41
Default WEP keys, beyond WEP?

Well "IT Pros working from home" are probably pros and couldn't give a
fig about your network, it's kids and smartarses you generally have to
worry about.

If you need that level of security, you need to get kit which can
provide it. This may mean replacing older cards and where necessary
turning off built-in wireless and using slot-in cards instead which
*can* provide the security level you need.

If this isn't possible, then your only option will be to go the route
of having teh Access Point *outside* your firewall and use VPN. But
the Draytek won't help here as with the firewall/VPN *in* the router
there's no way you can connect an Access Point outside o fthe router,
but inside the ADSL. Unless Draytek has a built-in access point and
that can be *configured* to be "outside" the firewall.


---
Business ADSL solutions
www.wizards.co.uk
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
WEP keys, beyond WEP? Ian Stirling uk.telecom.broadband (UK broadband) 1 September 1st 04 11:23 AM
WEP keys, beyond WEP? Ian Stirling uk.telecom.broadband (UK broadband) 0 August 31st 04 07:52 PM


All times are GMT +1. The time now is 01:40 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.