Dec 29

Making the Best of WEP

By M. David Stone

I keep hearing that WEP (Wired Equivalent Privacy) is too weak a security scheme for wireless networks, but I’m not prepared to throw out my old access point and card to buy new ones with better security. Recognizing that WEP is imperfect, how can I best take advantage of whatever security WEP provides my home network?

Using WEP instead of more sophisticated security schemes like WPA (Wireless Protected Access) is a little like putting a padlock on a door. It won’t stop someone who is determined to break in, but it will discourage anyone who isn’t willing to make an effort. Here’s a checklist of things that will make breaking through WEP harder. Not all of the following features are available on all 802.11b hardware, but you should take as many of these steps as your hardware allows.

Check the manufacturer’s Web site for the latest firmware, which may have additional security features.

Make sure your access point is set to require WEP, not just use it as an option.

Set WEP for the highest-level encryption that you can. Alas, 128-bit encryption may not work among products from different manufacturers (the IEEE standard is 64 bits), but it’s worth a try. In an informal test, we were pleasantly surprised to find that the 128-bit encryption in a Linksys WAP11 access point works with the 128-bit encryption in a D-Link PC Card.

Don’t use default settings for SSID (Service Set IDentifier), your administrator password, or the WEP key. And avoid using a password that the teenage hacker across the street might guess—such as your dog’s name. As with any password, mix some numbers and letters and change the settings on a regular basis.

Disable the automatic SSID broadcast feature.

Set your hardware to refuse connections from systems with SSID set to Any.

Look for a feature that lets you define the MAC addresses to accept, and make sure that the only addresses in the list match the addresses for the systems you want to connect. MAC addresses (unique identifiers for network components) can be spoofed, but this is another hurdle for a would-be hacker to jump over.
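
The advice above on using the highest encryption level and a WEP key that can't be guessed, as an added Python example that is not part of the original column: it generates a random key and flags keys that are easy to guess. The function names, the sample keys and the list of digit runs are assumptions made for this illustration.

```python
import secrets

# "64-bit" WEP has a 40-bit secret (5 bytes) and "128-bit" WEP a 104-bit
# secret (13 bytes); the remaining 24 bits are the per-packet IV.
KEY_BYTES = {64: 5, 128: 13}
HEX_DIGITS = set("0123456789abcdefABCDEF")
# Assumed list of digit runs seen in default or lazily chosen keys.
RUNS = ("0123456789ABCDEF" * 4, "0123456789" * 4)

def generate_wep_key(bits=128):
    """Return a random key as hex digits, ready to paste into the setup page."""
    return secrets.token_hex(KEY_BYTES[bits]).upper()

def parse_wep_key(text):
    """Accept a key as 10/26 hex digits or as 5/13 ASCII characters."""
    text = text.strip()
    if len(text) in (10, 26) and set(text) <= HEX_DIGITS:
        return bytes.fromhex(text)
    if len(text) in (5, 13):
        return text.encode("ascii")
    raise ValueError("WEP keys are 10 or 26 hex digits, or 5 or 13 characters")

def audit_wep_key(text):
    """Return the reasons a key is easy to guess; an empty list means none found."""
    key = parse_wep_key(text)
    problems = []
    if len(key) == KEY_BYTES[64]:
        problems.append("40-bit key: use the 128-bit setting if the hardware allows")
    if all(0x20 <= b <= 0x7E for b in key):
        problems.append("bytes spell typeable text, likely a word or name")
    if len(set(key)) <= 2:
        problems.append("one or two byte values repeated")
    if any(key.hex().upper() in run for run in RUNS):
        problems.append("simple run of digits")
    return problems

if __name__ == "__main__":
    # Constructed sample keys: a pet name, a digit run, and a fresh random key.
    for sample in ("rover", "1234567890", generate_wep_key()):
        print(sample, audit_wep_key(sample) or "no obvious weakness")
```

Enter the generated hex string on both the access point and each client; a key typed as a word uses only a small part of the possible key values.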

There are further steps you can take, but they are more than a home network is likely to need. The steps mentioned here are enough to keep out anyone who isn’t highly motivated to break in.

If your equipment is less than a year old, you may be able to upgrade and install WPA. Check out “Wireless Security: WPA Step by Step”.
