[NTLK] wireless connectivity

Frank Gruendel newtontalk at pda-soft.de
Wed Sep 1 20:51:49 EDT 2010


> I sometimes wonder whether WPA/WEP encryption are really necessary for
> home networking. My wireless signal is pretty severely attenuated by the

The following is a true story. It happened to one of my oldest and dearest friends.

One morning the door bell rings. He opens the door and finds a couple of policemen at his doorstep.
They enter, confiscate his computer and leave.

He is dumbfounded and tries to find out why this happened. He learns that recently the German
authorities managed to get their hands on IP addresses that were used to surf on sites showing
children in situations that, if my child was shown there, would cause me to get a shotgun and kill
the web master. I guess you can figure out which kind of web site I mean.

Thank God he was able to prove that at the time his IP address was used, he was on a business trip a
couple of hundreds of kilometers away from home. If he hadn't been that lucky, he might be in jail
today.

It took more than a year before he got his computer back. He NEVER got his hard disk back.

When he told me of this, I asked him a couple of questions: This went somewhat like this:

Me: "Say, how do you normally connect to the internet?"

Him: "Err... I start Internet Explorer."

Me: "No, that's not what I mean. Is your computer connected via DSL, or through a modem connected to
a telephone line?"

Him: "The computer is connected to a box with many LEDs that 1&1 sent me. And that box is connected
to the telephone socket."

Me: "OK. That box is called a router. So you have an ethernet cable from the router to your PC?"

Him: "No, I haven't. It works without a cable."

Me: "So you probably have a small stick connected to one of your computer's USB ports, right?"

Him: "Yep!"

Me: "OK, that's what is called wireless LAN. What type of encryption are you using? WEP? WPA? WPA2?"

Him: "???"

Me: "Encryption is something you set up in your router. This is very important because it ensures no
one else can use your WLAN."

Him: "I wouldn't care. I have a flatrate."

Me: "But people might use your WLAN for forbidden things. Did you change anything at all in your
router's setup?"

Him: "No. I just set it up the way it was shown in the 1&1 brochure, and it worked ever since."

Me: "Do you turn the WLAN off when you aren't using the computer?"

Him: "No, it's on all the time. I don't even know how to turn it off."

Me: "You don't even turn it off when you're on vacation?"

Him: "No, why should I?"

Me (gulping): "Let me have a look at your router."

It was a DrayTek router. Since I once had the same model, I knew the default settings. I fired up
the configuration program, and as expected none of these settings had been changed in any way. My
friend had a completely unprotected WLAN that anybody knowing the default SSID could use to his
heart's content.

Until then I was of course aware that one should always use the best encryption possible. But I
hadn't really spent a minute's thought on what can happen to you if you fail to do so. Everybody can
park in front of your house and browse illegal web sites to his heart's content without being
caught. Especially people who know you are away. And unless you can prove that it wasn't you who
used the IP address in question, this might well be the end of the life you are used to. You might
get in jail, lose your job, lose your family and prevent your offspring from getting an education
appropriate to his intelligence.

Since then, nothing less than WPA2 is used in my house. WLAN is turned off the minute it isn't
needed any longer. If ever a better encryption than WPA2 comes along, the first thing I'll do is
replace my router with one that supports it.

You might want to make a test in a large city. Chances are good that you'll find a couple of
completely unprotected WLANs in every street. And most of what remains still uses WEP encryption,
which can be cracked within minutes if you have both the tools and the criminal energy.

My friend, by the way, is still using the same DrayTek router. Configured by yours truly to use the
best encryption it can handle: WEP. Some people never learn.

Frank

-- Newton software and hardware at http://www.pda-soft.de




More information about the NewtonTalk mailing list