Saturday, July 11, 2009

Good Lifehacker post on how crackable WEPs are. When I take out my laptop in a public area I don't see nearly so many anymore, but I'm sure there are still a lot of people out there who don't understand the difference between WEP, WPA, and WPA2 and aren't aware that they need to upgrade their wireless network security.

I don't really get to study wireless networking until fall semester, but just for the heck of it I'll explain the differences here. WEP, WPA, and WPA2 are all methods of encrypting data before sending it out over a wireless connection. The encryption is done by software embedded in the router, and it only lasts as long as the data is being transmitted--the data is decrypted again before it reaches the wired network.
  • WEP (Wired Equivalent Privacy) encrypts data with 64- or 128-bit encryption keys. The problem is that the keys are static, meaning that any hacker worth his or her salt can crack them in a reasonable period of time.
  • WPA (WiFi Protected Access, also known as TKIP--Temporal Key Integrity Protocol) uses 256-bit encryption keys, but changes them at set intervals. Better than WEP, but crackable with a bit more effort.
  • WPA2 is based on 802.11i, which is the standard for commercial-grade encryption products. It is the best of the three in that it actually generates a new encryption key for each session.
One Lifehacker commenter, MaribelAlligator, offered a really good analogy to describe the effectiveness of each of these methods:
I like to use the analogy of door locks. WEP is closest to a bathroom or bedroom lock (the kind you can unlock with a stiff pin). It'll let people know you don't want them to enter, but anyone with a the slightest bit of knowledge can get past it. WPA is like a standard door lock; it's a lot more secure, but it is still possible to get by for someone with the right tools, knowledge, and circumstances. WPA2 is like a bank safe. It may be possible to defeat, depending on how it's been set up, but it's not realistically possible for anybody to actually do so... yet.
Someone else in comments likened WEP to a "No Trespassing" sign--the people who will read the sign and go away aren't the ones you have to worry about. Someone who wants to get in very badly, however, will find a way.

Thursday, July 9, 2009

Done with my PC Hardware and OS Maintenance class. Eight weeks, nine hours a week. It was kind of brutal, but I mostly enjoyed it.

Our instructor showed us our grades at the end of class--I got a 99.25%. Don't know if that's the highest in the class, but it's up there. "Nice job," he said. "You deserved it." I said that the class indicated to me just how much I had to learn, but he pointed out that now I understood that it was all stuff that was knowable. And that's important.

So now I'm focusing mostly on my Networking course...and it's starting to get interesting. It helped that the week before networking started, our hardware/OS instructor gave us an introduction to most of the concepts, and there are two good chapters in the textbook that provide a nice overview of local and wide-area networks. It was good to take this course before plunging into networking--some of my classmates who had taken networking first mentioned that they'd been a bit lost and wished they'd taken this class first. I suspect it's a good prerequisite for a lot of things, but most of all, it gave me confidence.