Number 298 - March 2008
WEP Is Not Secure
by Darry D Eggleston, GTBPCUG


   The "60 Minutes" TV show, on November 25th, featured a depressing segment on how easy it is to get credit card and other personal information from major companies and off of any wireless router using WEP.

   To read the transcript, go to: http://tinyurl.com/yofx9k.

   To view the video, go to: http://tinyurl.com/32bp9j. WEP, fielded in 1999, was the encryption code used as the big chain stores started going wireless, but within a couple of years, hackers had cracked WEP, rendering it obsolete.

   (If you go on YouTube, you can learn how to disable WEP in minutes.)

   There's a much better encryption code called WPA. In fact, credit card companies urge retailers to upgrade to WPA, but the expense of doing it causes many stores not to use it even though hackers can tell who hasn't upgraded.

   Canadian Privacy Commissioner Jennifer Stoddart, who led the investigation of the TJX theft for the Canadian government and the Province of Alberta, released her findings on TJX which operates chains in both countries.

   In 2005, a TJX vice president sent his bosses this email: 'We are still vulnerable with WEP as our security key. It must be a risk we are willing to take for the sake of saving money.

   "By then, the hackers had already broken in, and once in, raided not only the two Miami stores, but over 2400 TJX stores in the U.S., England, and Canada, walking away with close to 100 million credit card numbers.

   "Because all the stores are networked to a central server, by getting in at any part of the network, they could then make their way virtually to the central server and siphon off the information for a year and a half undisturbed.

   "On top of the credit card numbers, the hackers got hundreds of thousands of drivers' licenses and Social Security numbers, and military IDs -personal records about their customers kept for years after the purchases were made."

   Bottom Line: If you are using WEP on your wireless router, change to WPA immediately. If your router does not offer WPA, invest in a new, standard 802.11g router.

Setting a router
   After reading the previous information, the obvious question is, "How do I tell if I have my router set to WEP or WPA?"

   Don't be concerned with which one you have, reset it to WPA. Even if you have WPA, it's time to reset your "pass phrase" any way. (A router uses a "pass phrase," not a password."

   1. Turn your router upside down or look on the rear for a small pinhole. It should be labeled "RESET."


   2. With the router turned on, unbend a paperclip or use a ballpoint pen and insert it into the hole. You will feel a small button inside. Press on it with the tip of the clip/pen.

   Hold the button down for 10 seconds, or until the lights on the front of the router stop blinking. The router will reboot within about a minute and be ready for configuring from its virgin state.

   NOTE: Some products require you to turn the power off, then press and hold the reset button, then turn the power on with the reset button depressed.

   The rest of the instructions are the same. Try this method only if the first method fails.

   3. Follow your manual on setting up WPA

   Don't have a manual for your router? Visit the website for the manufacturer. You'll be able to download the manual, in PDF format, to your PC. Follow the instructions for setting the security settings.

   4. IF your router does not offer WPA, buy a new one. Prices for the new, standard 802.11g router begin at $40 plus tax.

   Setting up a secure router is like traveling through the jungle with an 800-pound gorilla. It's a bruising, rough trip but no one is going to mess with you.

What Is This Thing Called a Router?
   A broadband router combines features of a traditional network switch, a firewall, and a DHCP server. Broadband routers are designed for convenience in setting up home networks, particularly for homes with high-speed cable modem or DSL Internet service. A broadband router supports file sharing, Internet connection sharing, and home LAN gaming.

   A local area network (LAN) is a group of networked computers, printers, or other hardware devices that are all connected relatively close to each other like an office, home or school. It allows connected users to share files, printers or other applications. Whether as small as two computers or much larger in size, a LAN's major purpose is to allow users to share information quickly and easily.

   A wide area network (WAN) is a group of networked computers in a much larger geographical are, such as a state or country. The best example of a WAN is the Internet, which spans the entire world. A router connects your personal LAN to the WAN using a type of network protocol called TCP/IP.

   Read about routers and how they work at http://tinyurl.com/e3ww3. Advantages and disadvantages of different routers and how to select a hardware router can be found at http://tinyurl.com/37kez7.
  Number 298 - March 2008