Alan wrote: >>> Consensus is that WEP is a complete waste of time, now. >> <sarcasm> >> So, to your way of thinking, everyone should just run their AP wide open >> if they aren't running WPA. Or is WPA not enough? >> >> On a similar vein, should I also leave my keys in my car and my front >> door unlocked since someone with the right knowledge can steal my car or >> break into my house anyway? Just wondering. > > WEP has zero security effect. The scanning tools will crack wep keys > trivially so in many cases an attacker won't even *notice* that you have > wep. It's more like having a lock on your car door that doesn't work at > all. It keeps out accidental browsers, because someone has to try the > door to notice it isn't locked. > While it may not provide much in the line of security, enabling WEP is still worth while from a liability standpoint. If someone does use your wireless connection, and does something illegal, it shows that you at least tried to secure it. It is like locking your car and taking the keys with you - it will not stop someone from stealing it, but it does lessen your liability if someone does steal it, and hit someone else. Your insurance company may not cover your loss if your left your keys in the car, and you may also be partially responsible for damages caused... In the law, there is a big difference between using even a poor lock, and not using any lock at all. The fact that the lock manufacturer tells you it is a good lock goes even farther toward protecting you. The wireless router manuals I have seen say that WEP provides security - they do not tell you that it is poor security. It would be interesting to see how that representation would affect your liability. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
