WEP or WPA

[Raffaz]

Just wondering whats more secure here? Whats the pros and cons of them? Cheers

Mick

[Fubarian]

WEP is very very weak. Why? parts of the key is transmitted from time to time within the data sent. In about 10mb of traffic you have more than enough to decompile the key. Very bad.

WPA is much more protective, it doesn't do what WPA does (send the key)

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

[BOB IROC]

I would go with WPA and if your router supports is I would incorperate MAC filtering as an added layer. Also do not broadcast your SSID.

One thing you have to consider is some wireless Network cards do not support WPA, but that is mainly for the older ones. I do not think I have run into a a/b/g card that does not support WPA sold today.

[Fubarian]

I would incorperate MAC filtering as an added layer.

This is also a good idea

Also do not broadcast your SSID.

This has absolutely ZERO benefit. It does not "hide" your access point.

[slgrieb]

MAC filtering won't hide your access point, but disabling SSID broadcast per Bob's suggestion will. As he says, MAC filtering is just another layer of security and peace of mind. Both in short supply these days.

(Edit) to be a bit more correct and fairer to Fubarian, there are indeed techniques to discover wireless LANs even if SSID broadcast is disabled, but many, or most intrusion attempts can be defeated by this means.

[BOB IROC]

to be a bit more correct and fairer to Fubarian, there are indeed techniques to discover wireless LANs even if SSID broadcast is disabled, but many, or most intrusion attempts can be defeated by this means.

Thats what I was going for, but some seem to think it has Zero benefit. It may not be much, but every little bit helps.

[Fubarian]

Every single time you connect, it sends a broadcast for the AP and the AP replies with a broadcast as well. All I do is interrupt your AP (use a wireless phone does this rather easily) and guess what? Oh, I got your SSID. Run a AP monitoring program and find this out for yourself.

Hiding the SSID broadcast gives 0 benefit, period. Security through obscurity does not work and is a terrible practice. MAC filters, yes (and even this is weak and spoofable, rather easily), WPA-PSK, AES and TKIP, yes! Hiding something, NO

[BOB IROC]

Hiding the SSID broadcast gives 0 benefit, period.

Sheesh Fubarian, did someone piss in your cheerios?

Not everyone has all these utilities that you speak of or knows how to use them, but I still think hiding your SSID and running MAC filtering will help keep the average neighbor of knowing you have a wireless network. Then you add WPA or WPA2 for added protection.

[Fubarian]

No, not at all! I just don't like people giving incorrect information -- the tools are very easy to find and are FREE and its got to the point the village idiot (well, ok not QUITE that easy) can figure it out with 30 minutes of internet searching.

Side note : One benefit to SSID is "long range" devices will stay connected better

[3fingersalute]

This has absolutely ZERO benefit. It does not "hide" your access point.

Well, I wouldn't say "zero" benefits, here are a few:

• People who are not wardriving, etc. will not notice your network. If the average joe just pulls out a pda, laptop etc. and isn't looking to "crack" into a WiFi network, but rather just "hop" onto a free WiFi signal, they'll just keep moving along.
• The neighbor next door will not have it listed in his available networks, etc. and possibly connect to it either intentionally or unintentionally.

[BOB IROC]

Sorry Fubarian, you just sounded like you were getting a little angry. And I dont think I am giving "incorrect" information here either. Well as I said Hiding your SSID and Using Mac filtering will keep the AVERAGE neighbor from knowing about your wireless network. As most people like that do not have and are not going to search for or use such utilities. However, if they can see a publically broadcasted SSID they may be likely to try and use the network for free internet.
I say this because I have seen it happen. I ran into a friend while shopping at best buy a couple months ago and he said he wanted to get a wireless card for his brother. I asked what kind of internet does he have and he said "he doesn't. His neighbor has a wireless network that he is going to steal a connection from" And that is just one example, but I have had teachers come up to me and ask similar questions like "what kind of wireless card should I get if I want to use my neighbors wireless network without them knowing it. Blocking your SSID and using MAC filtering will help at least a little bit with those situations. Don't ya think?

[Fubarian]

and now they both have the same SSID and you connect to my network by mistake ...

[BOB IROC]

and now they both have the same SSID and you connect to my network by mistake ...

How do you figure? You make the SSID unique, you just block it from being broadcasted. Then you input your connection information into your wireless device manually. Granted that many people do no change their SSID from the defaults, but that is not the situation here I don't think.

[3fingersalute]

I like to explain wireless security to people as being like locks on you car or house. Locks keep the honest people honest. If they walk up to a door and turn the handle and its locked, a honest person will walk away. If they're not an honest person, the lock is only going to slow them up a tad from getting in until they smash a window, bust the door (break the WEP/WPA, MAC filter, etc.).

[3fingersalute]

What I hate is Verizon ships Westell modems out to all new DSL customers with wireless enabled by default, no security enabled, and the average customer installs with the cd, has the Westell modem/router hooked to their computer with an ethernet or usb cable, and have no use for wireless and have no clue that they're broadcasting a free WiFi unsecured signal to anybody nearby.