This is a mini-rant, a short essay refuting a common misconception among users of an Internet forum. If you think this essay is FUD, feel free to explain why on the essay's talk page.
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are security layers at the data link layer of 802.11 series wireless local area networking.
WEP is considered weak among 802.11 security measures, but it's not much weaker than the security on most wired networks, which is why it's called wired-equivalent privacy. It takes 2 minutes to crack WEP, but it also takes 2 minutes to sneak into the premises and find an open 100BASE-TX port. Cracking a wired network requires physical trespass, but so does cracking WEP if your building is adequately shielded. (Some buildings act almost like a Faraday cage, whether the legitimate occupants like it or not.) A wired network user could notice the burglar, but an access point's owner could also notice the unfamiliar MAC address. Some people don't watch their routers for unfamiliar MAC addresses, but people tend not to keep an eye on spare network ports hidden behind desks and the like for rogue Ethernet adapters either. An e-burglar can spoof a MAC address, but a burglar can also unplug the Cat-5e cable. WPA is an improvement over WEP, but in October 2009, it was discovered that WPA allows a partial break after 20 minutes.
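The "watch your router for unfamiliar MAC addresses" check above is easy to automate. The following is an added example, not part of the original essay: it audits a DHCP lease table in dnsmasq's leases-file format (`expiry mac ip hostname client-id`, one lease per line) against a hand-maintained allowlist, flagging both unknown MACs and known MACs that show up under an unexpected hostname (a weak hint that someone is spoofing an allowed address). The sample leases and the `KNOWN_DEVICES` allowlist are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format dnsmasq writes to its leases file:
# "<expiry-epoch> <mac> <ip> <hostname> <client-id>"  ("*" means none)
SAMPLE_LEASES = """\
1700000000 aa:bb:cc:00:00:01 192.168.1.10 family-laptop 01:aa:bb:cc:00:00:01
1700000100 aa:bb:cc:00:00:02 192.168.1.11 nintendo-ds *
1700000200 de:ad:be:ef:00:01 192.168.1.12 android-7f3a 01:de:ad:be:ef:00:01
1700000300 aa:bb:cc:00:00:01 192.168.1.13 mystery-box *
"""

# Allowlist the AP owner maintains by hand (assumed format): MAC -> expected hostname.
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": "family-laptop",
    "aa:bb:cc:00:00:02": "nintendo-ds",
}

LEASE_RE = re.compile(r"^(\d+)\s+([0-9a-f:]{17})\s+(\S+)\s+(\S+)\s+(\S+)$", re.I)


@dataclass(frozen=True)
class Alert:
    mac: str
    ip: str
    reason: str


def audit_leases(text: str, known: dict) -> list:
    """Return one Alert per lease that an attentive AP owner should look at."""
    alerts = []
    for line in text.splitlines():
        m = LEASE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than crash
        _, mac, ip, hostname, _ = m.groups()
        mac = mac.lower()
        if mac not in known:
            alerts.append(Alert(mac, ip, "unknown MAC"))
        elif hostname != known[mac]:
            # Familiar MAC, unfamiliar name: only a tripwire, since a MAC can be spoofed.
            alerts.append(Alert(mac, ip, f"known MAC, unexpected hostname {hostname!r}"))
    return alerts


if __name__ == "__main__":
    for alert in audit_leases(SAMPLE_LEASES, KNOWN_DEVICES):
        print(f"{alert.mac} {alert.ip}: {alert.reason}")
```

Running it on the sample reports the unknown `de:ad:be:ef:00:01` and the reuse of the laptop's MAC by `mystery-box`; on a real router you would feed it the live leases file and run it from cron.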
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
You SHOULD upgrade all your access points to WPA2. But if you must support a legacy device on your home network, such as a Nintendo DS,[1] don't fret. In a home environment, weak security measures like WEP and the original TKIP-based WPA act as a "keep out" sign. They force an e-burglar to perform an overt act which proves his intent to sneak onto your network, at which point you call the police and/or get your lawyer. The other point is to make your AP less of an easy target than your neighbor's open AP. Remember the parable of two tourists running from a hungry tiger: you don't have to outrun the tiger.
On the other hand, you MAY improve security by excluding legacy devices from your network. For example, this will become practical for Nintendo DS users who don't use homebrew once the Nintendo Wi-Fi Connection service ends in May 2014.