188 Part III: Installing a Wireless Network
he (theoretically) won’t be able to make heads nor tails of it. It’ll be gibberish. So even though your data is beamed right through the side of the house into that snooper’s PC, it will arrive in an unreadable form.
WEP also has a second security function: Not only does it encrypt your data being transmitted over the airlink, it also can be used to authenticate users connecting to the access point. In other words, not only do you need a WEP key to decode data transmitted over the airlink, but you also need a WEP key to get your computer connected to the access point in the first place. If an access point has WEP enabled and you don’t have the key, you can try and try, but you’ll never get connected to it.
Although the WEP key itself is a long series of numbers and letters, you often don’t have to make up this key yourself. (It’s harder than you think to just spew out some random numbers and letters.) Instead, you just have to enter a pass phrase (some regular English words that you can remember), and the software will use this pass phrase to generate the key for you.
How about a bit more about WEP?
WEP encrypts your data so that no one can read it unless they have the key. That’s the theory behind WEP, anyway. WEP has been a part of Wi-Fi networks from the beginning. (The developers of Wi-Fi were initially focused on the business market, where data security has always been a big priority.) The name itself belies the intentions of the system’s developers; they wanted to make wireless networks as secure as wired networks.
In order for WEP to work, you must activate WEP on all the Wi-Fi devices in your network via the client software or configuration program that came with the hardware. And every device on your network must use the same WEP key to gain access to the network. (We talk a bit more about how to turn on WEP in the “Clamping Down on Your Wireless Home Network’s Security” section of this chapter.)
For the most part, WEP is WEP is WEP. In other words, it doesn’t matter which vendor made your access point or which vendor made your laptop’s PC card network adapter — the implementation of WEP is standardized across vendors. Keep this one difference in mind, however: WEP key length. Encryption keys are categorized by the number of bits (1s or 0s) used to create the key. Most Wi-Fi equipment these days uses 128-bit WEP keys, but some early gear (like the first generation of the Apple AirPort equipment) supported only a 64-bit WEP key.
A few access points and network adapters on the market even support longer keys, such as equipment from D-Link, which can support a 256-bit key. Keep in mind that the longest standard (and common) key is 128 bits. Most equipment enables you to decide how long to make your WEP key; you can often choose
Chapter 10: Securing Your Wireless Home Network 189
between 64 and 128 bits. Generally, for security purposes, you should pick the longest key available. If, however, you have some older gear that can’t support longer WEP key lengths, you can use a shorter key. If you have one network adapter that can handle only 64-bit keys but you’ve got an access point that can handle 128-bit keys, you need to set up the access point to use the shorter, 64-bit key length.
You can almost always use a shorter-than-maximum key length (like using a 64-bit key in a 128-bit-capable system), but you can’t go the other way. So if you set your access point up to use a 128-bit key, your older 64-bit network adapter won’t be able to connect to it.
What’s wrong with WEP?
WEP sounds like a pretty good deal, doesn’t it? It keeps your data safe while it’s floating through the ether by encrypting it, and it keeps others off your access point by not authenticating them. In fact, it’s pretty good. Notice that we didn’t say that WEP is great or superb or awesome. Just pretty good.
We’re actually being somewhat generous. With the proper tools and enough network traffic to analyze, a dedicated network cracker can break WEP (or independently figure out the WEP key by using some mathematical techniques) in a relatively short time. In the business environment, where a ton of traffic is traveling over the wireless network and valuable business secrets are part of this traffic, this is a pretty big deal. The math to break WEP is pretty hard (you’re not going to do it in your head), but plenty of freely available tools
are on the Web that let a computer do it relatively quickly.
We’re being generous with WEP because we strongly believe that in the home environment — particularly in the suburbs and other less-than-densely populated areas — the chances of you having someone who can pick up your signals AND be motivated to go through all the trouble of breaking your WEP code are pretty darn slim. No one’s ever tried to do it to us, and we don’t know any folks who have had this happen to them at home. So we don’t sweat it all that much.
But we do think that WEP needs to be improved. We use wireless networks at work too, and we’d like additional security. The final section of this chapter, “Looking into the Crystal Ball,” talks about some newer systems that are on the way which will complement or supplant WEP entirely and offer greater security.
We’re writing Wireless Home Networking For Dummies here, not Secure Office Wireless Networks For Dummies. More sophisticated security systems are available now for business networks that can improve upon the security of a wireless LAN. Many of these systems rely upon using stronger encryption