How do I encrypt my wireless network?

Discussion in 'privacy general' started by cheater87, Jul 1, 2006.

Thread Status:
Not open for further replies.
  1. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    440
    Location:
    U.K.
    This is nothing but scare-mongering. While sensible precautions need to be taken when operating wireless networks, operating a properly-secured one does not mean your email will be compromised, and it does not mean your bank details will be stolen. A healthy dose of paranoia is one thing, but generalised statements based on a lack of actual knowledge about WiFi security implying that those operating WiFi nets have no regard for security or privacy are nonsense and unhelpful.

    Now, it is a fact that WEP encryption is fundamentally flawed, and that it can be broken in minutes by a skilled wardriver using a laptop in range and freely available software. That said, the great majority of people in residential areas will not be subject to the attentions of the determined war-driver.

    The only known (remote) attack on WPA at this time, on the other hand, is a dictionary attack that seeks to determine the passphrase in use. Using a random password of 30 characters or more effectively defeats this anyway. Sure, the shared passphrase used by WPA-PSK is, if compromised by other means, a weak point, but for practical purposes WPA-PSK is perfectly sufficient protection for home-based WiFi networks.

    Businesses, however, do need higher levels of protection. WPA-PSK does not suffice in a changing environment, where wireless devices are removed and added from time to time, so full WPA (or WPA2) - with its rotating keys and RADIUS authentication - is needed as a minimum.
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This is nothing but scare-mongering. ..:mad: ..... but generalised statements based on a lack of actual knowledge :thumbd: about WiFi security implying that those operating WiFi nets have no regard for security or privacy are nonsense and unhelpful.:ouch:
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    440
    Location:
    U.K.
    Well, I'm sorry if you feel my comments are harsh, but I stand by them. If someone is attempting to determine how to best protect their WiFi network, and they - sensibly - ask when in doubt, it is important that they receive accurate and substantive information, not generalised and baseless 'warnings' to avoid WiFi altogether.
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I completely agree.
    As you said, wireless can be used securely if you select the right communication protocol (WPA or WPA2) and don't use a blank, default, or weak password.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Devinco:

    The point in all this exchange that I was trying to make and failed was based on real experience with WPA security I had here. The ISP was unable to allow me access to secure sites WITH NO CHANGE IN MY SOFTWARE setup.

    They kept saying over a 5 month period it was my PC, cookies, AV, AMW everything but their firmware and modem. They replaced the modem but the new one was more unreliable than the 1st one.

    I finally took my PC to a computer store unchanged and as suspected everything worked fine!

    I then switched ISP suppliers. During that process the technician showed me how 90% of the wireless sites WERE COMPLETELY OPEN. They use them to piggy back for wireless email! I've scrapped wireless.

    So, I come by my concern on wireless from experience not just baseless warnings and a need to fear monger.

    All I hoped to do was warn a member that hazards exist with this.

    I failed to communicate that correctly, and got hit in the chops with some rather unflattering charges. I did not expect to have my well intended comments jumped on with what I thought was rude language. I note that when you disagree you do it without making it personal.

    I'm human so I reacted, maybe everybody else in this forum is so wise they would never be part of the 90% unprotected group. I hope so.

    For now, I will refrain from providing general opinions and experience and restrict myself to asking dumb questions.

    Best personal regards

    Your still Celtic friend Escalader
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Escalader,

    Your ability to access an SSL (HTTPS) website is controlled by the connection between the web browser and the web server. It should have nothing to do with the type of LAN connection (WiFi or not) you have. The only way that I could see this happening on your side would be if your router, wireless access point, or firewall is somehow misconfigured to block access to sites on port 443. It is possible the ISP itself was having some other problems.

    Your intentions were good, and I believe that the ISP tech said that 90% of wireless LANS were open.
    I would venture to guess that at least 90% of people using wireless LANs don't even know that they can set a password on their wireless router or that there are security features.
    Even if they use a secure WiFi connection like WPA2, a blank, default, or weak password will be almost as bad as using no wireless security at all.

    However...

    With the ideas presented in this thread (activate WPA or WPA2 and set a long 32-63 character random password), WiFi CAN be used securely.

    This is not so different from the wired user who needs to set a strong password on their wired router.
    Just because people don't know how to use the security that is available to them, it doesn't mean that they shouldn't use wireless at all if it suits their needs.
    If they don't want to learn anything about security, they will get burned sooner or later no matter how they connect.
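
    An added example, not part of any post in this thread: a Python sketch that generates the kind of long random WPA/WPA2 passphrase recommended above (30 or more characters in spm's post, 32-63 in Devinco's), estimates its entropy, and derives the 256-bit pre-shared key the way WPA-PSK does (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations). The SSID "ExampleHomeNet" and the guess rate are assumptions made up for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK accepts passphrases of 8 to 63 printable ASCII characters.
# Space is also legal but is left out here to avoid copy/paste mistakes.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LEN, MAX_LEN = 8, 63


def generate_passphrase(length=MAX_LEN):
    """Return a uniformly random passphrase drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"WPA passphrase length must be {MIN_LEN}..{MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a passphrase whose characters were each chosen at random.

    Not valid for human-chosen phrases, which are far more predictable.
    """
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError(f"WPA passphrase length must be {MIN_LEN}..{MAX_LEN}")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_search(bits, guesses_per_second):
    """Expected years to cover half the keyspace at a given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ssid = "ExampleHomeNet"   # assumed SSID, made up for this example
    rate = 1e6                # assumed guesses per second, for illustration only
    for n in (8, 30, 63):
        bits = random_entropy_bits(n)
        print(f"{n:2d} random chars: {bits:6.1f} bits, "
              f"~{years_to_search(bits, rate):.1e} years at {rate:.0e}/s")
    secret = generate_passphrase()
    print(secret, derive_psk(secret, ssid).hex())
```

    The entropy figure only holds for machine-generated passphrases; a memorable phrase of the same length carries far less.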
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    "Your ability to access an SSL (HTTPS) website is controlled by the connection between the web browser and the web server. It should have nothing to do with the type of LAN connection (WiFi or not) you have. The only way that I could see this happening on your side would be if your router, wireless access point, or firewall is somehow misconfigured to block access to sites on port 443. It is possible the ISP itself was having some other problems."

    Hi Devinco:

    What you didn't know:

    I had no router at that time, I added that for cable.

    At home if I used the default dial up I could access secure sites as well.

    Since then the ISP has admitted it has nothing to do with my software or hardware, at home I could hit unsecure sites but not the banks.

    At the computer store test I used the same settings, no firewall. NOTHING WAS DIFFERENT, and everything worked including secure sites. Same PC, Same ISP server, DIFFERENT modem and network hook up.

    Yes, the ISP admitted they had a card switching issue at their end twixt house and their server.

    At the time I took my unchanged browser(s) and CPU tower to the name brand computer store I had no router at home.

    I'm getting 3 months of charges back, and moving on. 90% aren't secure even though it is technically possible.

    Everything being equal, I still think wired is safer, you would need to physically attack the cable itself rather than pick up radio signals through the air. If those signals are open for 90% of the rest of the world well what then?
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    That's good they are giving you back some money for the trouble they wanted to pass on to others.

    Who knows what the future brings, maybe WPA2 will be cracked, maybe not.
    For now, it is secure if configured properly.
    Then I think a lot of people need to learn a little about wireless security very quickly. ;)
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    You are right it is good, and maybe things will change in the future. Gosh isn't that one of those comments that got me in trouble before! Oh well we can say what we want here within reason right?

    I'm thinking how to help the great mass of 90% uneducated (worse than me) with unprotected networks.

    Does wilders have any duty to them other than just our own members?

    I'm thinking they can't remember passwords on their 8 position bank sign ins. What to do MINIMUM.

    1. Tell them to use all 8 positions
    2. enter alpha not numbers
    3. use a misspelled pass phrase
    4. eg:=redzoses
    5. this would at least fail a dictionary search
    6. for 32 position banks allowing special character try things like {FoRcE}={MaSs*AcCeRaTiOn}

    Those sites allowing longer positions than that one could put in a memorable phrase like:

    In the beginning God created the heaven and the earth.

    I'm thinking people can remember things like that. My accountant friend was persuaded to use a phrase rather than his public phone number. He chose "the credits (or was it Dr) are near the window"

    Enough of this for now, I will now wait for the experts to jump!

    Regards

    Your celtic friend
     
  10. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    While having a weak or default password with WPA is not the smartest security, its usage is a lot better than in other situations such as account logins or routers.

    To be practical, it takes a substantial amount of time to try a WPA password before trying another. You can have a program that's running through hundreds or thousands of passwords a second in a brute dictionary attack. But, that doesn't necessarily mean it can run that fast trying to crack a WPA password. Even if it can run a password a second (I have never seen a wireless connection authenticate even with the correct password that fast), a password that would normally take 30 seconds on a wired connection to crack after having gone through about 500,000 passwords, would take 347 days over WiFi. Even if it only took 20,000 passwords to find the correct one over wire, that's still 2 weeks over WiFi. Very few people, including most hackers, are going to have the patience to wait that long, especially with the social engineering today of getting everything instantly.

    Use WPA/WPA2 if you've got it with a difficult password and you'll be fine.

    (Even something like "wep1028WPA" is good enough to thwart any bruteforce attack for years.)
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi:

    When my router arrived, it had psw=admin , user id = admin.

    I'll bet that works in a lot of cases for hackers. So I guess it depends on how much know how you have. 90% have zero security, of the remaining 10% who at least use a router, how many leave these setup codes unchanged?

    This problem will not go away until and unless the hardware guys build in rotating codes for the great unwashed that do what they should do for themselves but never will.

    This is just my view, most people aren't interested in alarms for their house until they are robbed....or they are only concerned about their own immediate technical issues.

    I'm thinking I may provide a free information flyer for my street anyway, pointing out some simple steps people can take to improve their internet security. If they need help I would help them free of charge. This would make up for some of my past "sins".

    I feel kind of an obligation to let them know and help them. If anybody wants to contribute SIMPLE ideas for this feel free. When done I could post it here for peer review :thumb:
     