If you use WEP you are in DANGER

We all know that WEP was never meant to be entirely secure or anything like that. However, most wireless access points around are still using this as their default security mode versus WPA or WPA2. I won’t go into the details of WPA or WPA2 and will instead use this as a public awareness exercise to explain that if you’re using WEP and reading this blog then shame on you as you should be technically literate.

Don’t worry I was in the same camp until early last year. A friend of mine who works in security came over for a beer and to generally catch up since we hadn’t seen each other in almost a year. Of course we talk about tech security and he loves to go on about how the “average person and average company” aren’t very bright. I challenge him on this much to my chagrin and he proceeds to demonstrate using me as the example.

So he asks, “Do you have wireless at your house”? I quickly reply that I do like most people. He asked me what type of security I had on it. This I knew to be WEP and felt good because at least it wasn’t open. He then asked if I had a 64-bit or 128-bit key. I said 64-bit because I was too lazy to come up with a 128-bit one in hex. He keenly smiles and then says, “It doesn’t really matter because I can probably get into your network in a few minutes regardless.” Oh you can, can you. Prove it. The peril is that I know he knows his stuff and that if proven correct I will not hear the end of it for many years to come.

He breaks out his laptop, boots up Linux and has a special antenna that plugs into his USB wifi device. He executes a few scripts and then asks me which wireless network is mine. I tell him and then he proceeds to do his magic. Sure enough, within 10 minutes he had my key and was on my network parading around. Luckily all my boxes are locked down and authenticated via my domain controller so he wasn’t able to do much except gain use to my broadband connection. That didn’t make me happy either.

So if you have wireless at your domicile or business please make sure you are using WPA or WPA2 with a strong key (meaning characters, numbers and special characters) that is at least 20 long since the only way to crack those is with a dictionary attack!