>Needed to turn off WEP on my Base station to get my silver orinoco card to >work...does it REALLY matter...is anyone really capable of seeing my >transactions, are they really interested?...or is WEP really for big biz, >etc.??? Should I worry? Opinions???
WEP is flawed by design, as you may know, and easily broken (a passive sniffer can recover your static key quite quickly). My view is that most anyone who knows enough to run a packet sniffer on a wireless interface in promiscuous mode (to monitor a network without WEP) will also know enough to run Airsnort or something equivalent (to crack WEP). Thus it makes little difference whether you run it or not. It does create a small impediment, requiring the capture of a certain amount of traffic before sniffing (or actively associating with and using the base station) can occur. That window is likely to be short if you get much use out of your wireless network. That actually means it'll be quicker for someone to crack WEP for "big biz", since there's likely to be more traffic to grab and analyse. Because of the nature of those design flaws, there's basically no more security in a 128 (104) bit key than a 64 (40) bit key. You should be able to run most base stations that support longer keys with the shorter one instead. Perhaps not the older Airport base station, though (on a side note, I can highly recommend the D-link DI713P to anyone looking for a wireless access point after recently setting one up for my sister - cheaper and more capable than Apple's offering). You can turn on access control per MAC (network card) address, but this also provides only a little security. Traffic can still be sniffed (transactions and email read, etc), and it's trivial to use that to monitor any authorised MAC addresses in use and spoof one of them in the future. You might notice the sporadic dropouts if somone were using the same MAC address as you at the same time, but you might not (and since they're the ones actively monitoring, they can just avoid conflicts). The upshot of all that is that 802.11b *cannot* be secured. People in your broadcast range can always monitor the content of network packets, so if you need to transfer sensitive information, make sure it's separately encrypted (SSL for web sites, encrypted IMAP, POP or SMTP for mail, etc). Similarly it's difficult to truly deny anyone the use of your access point if they really want it unless you use a separate authentication mechanism like RADIUS (and you're unlikely to be doing this at home). The best thing to do is simply put your access point in a location where it mostly covers your real estate and not someone else's (the middle of your house, for instance). And then don't worry too much about it - there really isn't likely to be anyone roaming around your neighbourhood or aiming high-gain antennas at you. Unless you live next to Central Park, in which case you can probably afford a security consultant. ;) ---------- Duo/2400 List, The friendliest place on the Net! A listserv for users and fans of Mac subportables. FAQ at <http://www.themacintoshguy.com/lists/DuoListFAQ.shtml> Be sure to visit Mac2400! <http://www.sineware.com/mac2400> To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> Need help from a real person? Try. <[EMAIL PROTECTED]> ---------- Dr. Bott | 10/100 Ethernet for your 2400 is finally here! MPC-100 | <http://www.drbott.com/prod/mpc100.html> RoadTools $30 PodiumPad available at Apple retail stores, $20 Traveler CoolPad at Staples. Both in white for iBooks at <http://roadtools.com> Midwest Mac Parts ][ <http://www.midwestmac.com> After-market parts for Macs. ][ 888-356-1104 ][ MacResQ Specials: LaCie SCSI CDR From $99! PowerBook 3400/200 Only $879! Norton AntiVirus 6 Only $19! We Stock PARTS! <http://www.macresq.com>
