Does WEP only prevent users from using my network?


iamfat
Apr 2nd, 2008, 06:39 PM
If I use WEP, does it only prevent others from using my network connection or can someone "steal" my personal data (eg. bank a/c # and password) if they know my WEP password?

silentio
Apr 2nd, 2008, 06:50 PM
If they have your password by *EASILY* cracking it in under 10 mins then they are now part of your network and can conceivably access all your files and plant malware on your systems. This means none of your banking info is safe.

So yes, once WEP is broken you are already compromised.

WPA and WPA2 are MANDATORY now. WEP is not secure at all.

movieman
Apr 2nd, 2008, 07:14 PM
Use at least WPA if possible; WEP will stop people accidentally connecting to your network, but won't do much to stop a determined hacker.

However, the good news is that your bank account and password will be encrypted by your web browser, so even if someone can tap into your wireless link they'll only see encrypted gibberish go by. Well, unless they manage to impersonate your wireless access point and spoof the DNS to fake the bank's web site, anyway.

But anything that goes over the wireless link in an unencrypted form would be accessible if they crack the WEP password. For example, web forums where you log on with a non-encrypted password.

Edit: it's a good point though that if they can access the network and you have writeable network shares or are running services which have exploitable bugs, they could install malware on your system.

sfu_lifer
Apr 2nd, 2008, 07:19 PM
If they have your password by *EASILY* cracking it in under 10 mins then they are now part of your network and can conceivably access all your files and plant malware on your systems. This means none of your banking info is safe.

So yes, once WEP is broken you are already compromised.

WPA and WPA2 are MANDATORY now. WEP is not secure at all.

Shame consoles don't support it all that well (Nintendo ones that is).

shrugs*
Apr 2nd, 2008, 07:23 PM
For a home network, WEP isn't as bad as most people think. To crack a WEP key in 10 minutes, based on sniffing and not just bfing (and assuming it's a half decent key), would require enterprise-level traffic. Most mischievous wardrivers won't spend the time to crack a home-user WEP when there's dozens of 'default' & 'linksys' ssids around the block.

Either way, WPA/WPA2 > WEP. If you're feeling paranoid, use a few layers of defense..
- WPA/WPA2 with hidden SSID
- MAC address IP designation
- Separate VLANs for any IPs out of specified range
- Use SNMP (or manually through the device's web gui) to monitor any odd behavior (e.g. unknown machine connecting, attacks at certain time of day)

No one standard or security measure will make your network un-compromisable but a number of layers will make it a bigger pain in the ass for whoever is trying to manhandle a few packets.

Dave98
Apr 2nd, 2008, 07:35 PM
For a home network, WEP isn't as bad as most people think. To crack a WEP key in 10 minutes, based on sniffing and not just bfing (and assuming it's a half decent key), would require enterprise-level traffic. Most mischievous wardrivers won't spend the time to crack a home-user WEP when there's dozens of 'default' & 'linksys' ssids around the block.

Either way, WPA/WPA2 > WEP. If you're feeling paranoid, use a few layers of defense..
- WPA/WPA2 with hidden SSID
- MAC address IP designation
- Separate VLANs for any IPs out of specified range
- Use SNMP (or manually through the device's web gui) to monitor any odd behavior (e.g. unknown machine connecting, attacks at certain time of day)

No one standard or security measure will make your network un-compromisable but a number of layers will make it a bigger pain in the ass for whoever is trying to manhandle a few packets.

Not at all. Cracking a WEP key does not require a large amount of 'true' traffic when there is packet injection. Brute forcing is not how WEP is cracked. It doesn't matter how complicated the key is, it CAN be cracked in mere minutes. You're thinking of WPA where if the key is complex enough, that cracking the network is next to unfeasible.

and if you use WPA/WPA2 with a good passphrase, security layers are definitely not required.

sickcars
Apr 2nd, 2008, 07:46 PM
If I use WEP, does it only prevent others from using my network connection or can someone "steal" my personal data (eg. bank a/c # and password) if they know my WEP password?

If you are really that concerned then run cat5e or 6 to your computer/laptop and get rid of the wireless. That's the most secure way.

Shar
Apr 3rd, 2008, 05:08 AM
Shame consoles don't support it all that well (Nintendo ones that is).

The DS unfortunately doesn't support WPA at all, but my Wii is using WPA2 AES without any problems.

willy
Apr 3rd, 2008, 09:12 AM
If you are really that concerned then run cat5e or 6 to your computer/laptop and get rid of the wireless. That's the most secure way.
+1

rock hard
Apr 3rd, 2008, 11:18 AM
Not at all. Cracking a WEP key does not require a large amount of 'true' traffic when there is packet injection. Brute forcing is not how WEP is cracked. It doesn't matter how complicated the key is, it CAN be cracked in mere minutes. You're thinking of WPA where if the key is complex enough, that cracking the network is next to unfeasible.

and if you use WPA/WPA2 with a good passphrase, security layers are definitely not required.

I think what he meant was that there needs to be a large amount of traffic on the WLAN in order for it to be cracked in that length of time. You obviously have done some 'research' on the topic of WEP cracking so you should know that if there is little or no traffic, you will have to wait to get the IV packets you need in order to crack the key.

crazdefool
Apr 3rd, 2008, 12:33 PM
I think what he meant was that there needs to be a large amount of traffic on the WLAN in order for it to be cracked in that length of time. You obviously have done some 'research' on the topic of WEP cracking so you should know that if there is little or no traffic, you will have to wait to get the IV packets you need in order to crack the key.

you can make your own traffic by deauthenticating the wireless clients and packet injection.

JAC
Apr 3rd, 2008, 12:49 PM
How would one gain access to somebody's computer if they hack your wireless?

ItemFinder
Apr 3rd, 2008, 12:54 PM
A few things:
Hiding the SSID does nothing, and may actually harm your network, because your wireless adapter has to flood the air with requests to connect to the AP with your SSID, so it's easily sniffable.
Blocking certain MAC addresses is useless, since your MAC can be deauthenticated and spoofed easily.
While your encrypted sessions are done by the browser, it is still possible to do a man-in-the-middle attack to simulate the website you're visiting, thus stealing the desired passwords.

crazdefool
Apr 3rd, 2008, 01:00 PM
needless to say wep is bad.

Most wep hackers are just looking for free internet and may put you over your cap.

movieman
Apr 3rd, 2008, 02:25 PM
How would one gain access to somebody's computer if they hack your wireless?

At least one wireless driver in the past had a bug where sending a badly formed wireless network packet could allow someone to execute code on the PC that received it. And if they appear to be on the local network through the wireless connection they should be able to connect to any externally-visible service running on your PC, many of which have or had bugs which allowed people to break in.

If the PC is fully up to date on patches it probably has a pretty good chance of surviving, but exploits like that do still come along on a fairly regular basis.

Shar
Apr 3rd, 2008, 06:29 PM
A few things:
Hiding the SSID does nothing, and may actually harm your network, because your wireless adapter has to flood the air with requests to connect to the AP with your SSID, so it's easily sniffable.
Blocking certain MAC addresses is useless, since your MAC can be deauthenticated and spoofed easily.
While your encrypted sessions are done by the browser, it is still possible to do a man-in-the-middle attack to simulate the website you're visiting, thus stealing the desired passwords.

Well, regardless of how easily the above can be cracked, I don't think there's any harm in implementing them. They're extra layers of security, although really weak ones. It's just important to remember that they're nowhere near infallible. The only downside, that I can think of, is that a wardriving (http://en.wikipedia.org/wiki/Wardriving) hacker will maybe go "hey, why is this SSID hidden?" and try to break in to see what it is you're trying to hide. I can't see any harm in MAC address filtering though.

WEP's better than nothing, but it can literally be cracked in seconds. WPA's not much better either. If anyone's concerned about wireless security, go with WPA2-PSK AES.

If you're using XP, upgrade to SP2 (if you somehow already haven't), download the additional WPA2 update (http://www.microsoft.com/downloads/details.aspx?familyid=662BB74D-E7C1-48D6-95EE-1459234F4483&displaylang=en), and then use the GRC.com password generator (https://www.grc.com/passwords.htm) to generate a 63-character long key. ASCII symbols like !?%$ can be used in WPA/WPA2 keys.

If your router doesn't have support for WPA2, check for firmware upgrades. Check for driver updates for your wifi adapters as well.

If your router somehow sucks that badly and doesn't support anything aside from WEP, consider getting something like a Linksys WRT54GL (GL, not G. The G sucks) which is compatible with third-party firmware like Tomato (http://lifehacker.com/344765/turn-your-60-router-into-a-user+friendly-super+router-with-tomato), DD-WRT (http://lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php), or various other projects (http://en.wikipedia.org/wiki/WRT54G#Third-party_firmware_projects).

ItemFinder
Apr 3rd, 2008, 06:42 PM
Well, regardless of how easily the above can be cracked, I don't think there's any harm in implementing them. They're extra layers of security, although really weak ones. It's just important to remember that they're nowhere near infallible. The only downside, that I can think of, is that a wardriving (http://en.wikipedia.org/wiki/Wardriving) hacker will maybe go "hey, why is this SSID hidden?" and try to break in to see what it is you're trying to hide. I can't see any harm in MAC address filtering though.

WEP's better than nothing, but it can literally be cracked in seconds. WPA's not much better either. If anyone's concerned about wireless security, go with WPA2-PSK AES.
There is a point when too much is actually hurting you. It only causes you to jump through more hoops than it's worth. Even WPA is good enough with a strong passkey. The only way WPA can be hacked is through a dictionary attack, so don't use a dictionary word for your key. Many devices don't support WPA2, so it's not worth the hassle to upgrade all your equipment, especially when WPA is sufficient with a few precautions.

siriuskao
Apr 3rd, 2008, 07:14 PM
I think what he meant was that there needs to be a large amount of traffic on the WLAN in order for it to be cracked in that length of time. You obviously have done some 'research' on the topic of WEP cracking so you should know that if there is little or no traffic, you will have to wait to get the IV packets you need in order to crack the key.

Dave98 said packet injection, therefore with a good wireless card, even if you have little or no traffic you can still get enough IVs to crack.

for example, google for aireplay-ng.

Dave98
Apr 3rd, 2008, 07:41 PM
you can make your own traffic by deauthenticating the wireless clients and packet injection.

exactly

not to mention that with the PTW method, cracking WEP requires far fewer IVs to crack now than it used to, resulting in much faster cracking.

lagzor
Apr 3rd, 2008, 11:16 PM
Contrary to common belief, and as someone mentioned earlier, hiding your SSID is a bad idea. It's reverse psychology. By hiding your SSID, you think you're hiding your router, hence your network. But now your laptop must "work harder" and has to emit signals to search for the hidden SSID which can be sniffed. This means the hacker would actually go for your laptop, not the network instead.

That being said, SSID also causes incompatibility problems with some devices. Just use WPA with a really long random password. Best way to go and simplest.

rock hard
Apr 3rd, 2008, 11:26 PM
Obviously I need to brush up on my research ;)

This is funny... our local CTV guy 'Olson on your side' had something on securing wireless networks on tonight.

the 'expert' he had on says
'Then change the network name, and turn off the broadcasting of that name. That makes the network invisible to cyber snoops. "If you've got people driving by, if you've turned off the broadcasting of that, they won't even know you have a wireless network running," explains Allan.'

http://www.ctvbc.ca/servlet/an/local/CTVNews/20080403/BC_olsen_wireless_080403/20080403/?hub=BritishColumbiaHome