We recently had FiOS service installed and I asked the installer to use the strongest method
of encryption. (I thought that it was WPA2?). We have the Actiontec model WR.
My son recently noticed that it is WEP. What does everyone think about the differences of subject?
Thanks in advance!
Solved! Go to Solution.
They are differing security standards of various levels of capability. You should use the one which has the highest level of security supported by all of your devices in the order: WPA2, WPA, WEP 128, WEP 64.
If you can support WPA2 on all your devices, by all means you should be using it.
"If you can support WPA2 on all your devices, by all means you should be using it."
I'd have to check all wireless devices, but I presume they would if fairly recent production?
How would you check (i.e. Nook, laptops, etc)?
Re: WEP vs WPA or WPA2 ?[ Edited ]
10-12-2010 02:58 PM - edited 10-12-2010 03:09 PM
The easiest way to check is simply to switch to WPA2 (Verizon In-Home Agent can do this for you) and see what works and what doesn't. Anything with a "Wi-Fi" brand on it should work fine.
If some devices do not work, you can use In-Home Agent to switch back to WEP.
It is highly advisable to be using WPA2 if you are at all concerned about this sort of thing. WEP has been compromised, and it is easy for any mildly-determined attacker to gain access to a WEP encrypted network in a matter of seconds. WPA-TKIP also has vulnerabilities, but it is somewhat more difficult to attack (it takes several minutes.) WPA2 currently has no known vulnerabilities.
In general however, Mac address restriction is largely considered a waste of time from a security perspective. Mac addresses are easily spoofed (and someone who is targetting a network would know this) and serve little more than frustrate your own ability to put a legitimate device on your network easily. Sure, a casual user next door might be prevented from getting on your network -- but a good password serves the same purpose.
With that said, there is no harm in using Mac address retrictions, just don't be fooled into thinking it provides any real additional security.
Without going into the technical details which could be considered a TOS violation on the forums here ... The thing is the Mac address of the sending and receiving device are in each and every packet. So, regardless of whether your are running an unencrypted network with Mac filtering or an encrypted network with Mac filtering to which you've hacked the key, all you need to do is sit back and wait for a few packets to transit the network ... as soon as they do, you have Mac addresses of clients which obviously are on the permitted client list any one of which you could then spoof to insert yourself into the network.