Sahir folder over WI-FI using WEP ... Is It secure ??

Posted on 2006-07-14
Last Modified: 2013-12-04
I have an XP box that is connecting to a 2000 professional machine's shared folder

The folder only has

Administrator and system users
Plus My account that has the same username and password on both machines to keep access easy.

I connect to the folder via my WI-FI router from the XP box

The Router has wep 64 ( I think its 64) enabled and mac filtering

What I need to know is how secure is this set-up ??

Is it easy for anyone else to pick up in the documents im coping to and from this shared folder over the WI-FI ??

Question by:silki
LVL 14

Assisted Solution

ECNSSMT earned 40 total points
ID: 17108847
don't advertise your SSID; that should help.

nothing is ever really secured; it's more like how valuable is your information and how much time is the perpetrator willing to spend on hacking into your system.  If someone else already knows the encryption key your are using , your XP username and password; I haven't seen wireless cards with alterable MAC addresses (but that's just me), but all bets are off.  You also have to look at physical accesibility too, is this area traversed by the entire world or is it limited to a select few.  i.e. is the radius of the WAP limited to your neighbors (assuming its residential) or if its on a school campus; what kind of students liberal arts students or hardcore CS majors.  You assess your security with the existing environmental parameters.

Otherwise; after the rant, under normal circumstances you are fairly safe; most of the people that look to get access to a wireless network are people looking for free internet access, there are enough WAPs out there that if they can't get access to one WAP they look for another.  With the XP login, MAC filter, WEP or WPA, and hidden SSID; I see no issues...


Assisted Solution

GeneralMandible earned 40 total points
ID: 17109165
WEP is crackable, but someone would have to capture quite a few packets.  If you are really paranoid, another measure you can do is change your WEP/WPA key every 90 days or so.  ECNSSMT covered everything you need.

Accepted Solution

Chatable earned 45 total points
ID: 17109527
If we're talking at the Wi-Fi level, then no it's not secure because WEP can be cracked in several days (for average networks). MAC filtering is also not secure because someone can run a wireless sniffer and get your MAC (which can be changed through software).
To properly protect your network, I have two recommendations:
1) If you use modern equipment, you should switch from WEP to WPA-PSK (WPA is even stronger but it's not practical for home networks). WPA (and WPA-PSK) uses better encryption that is not trivial to crack.
2) Secure computers connected. The idea is that even if someone managed to access your network, s/he wouldn't be able to achieve much. For Windows computers sharing folders this would be:
* Make sure that all shared folders have proper permissions and that no shared folder has permissions for everyone.
* Disable the guest accound
* Make sure that all users that have access to the shared folders have strong passwords set.
* Tighten your login by changing the security option "LAN Manager Authentication Level" (under local security policy) to (at leat) "Send NTLMv2 response only\resuse LM" (note: this will prevent old 9x and NT4 computers from accessing your computer).
But then again - note that files transfered from shared folders are sent unencrypted (at the transport level). This means that even if you've secured your computer properly, if someone managed to connect to your wireless network, eventhough s/he won't be able to access your computer directly, s/he will be able to use a network sniffer and capture the files as they are transfered between two of your computers. The only way around this is not to use shared folders at all but a different method of sharing files, that supports strong encryption (like HTTPS) - or just secure your network with WPA or WPA-PSK like mentioned earlier.
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

LVL 14

Expert Comment

ID: 17132688
Hi  silki,

Did that help out? Or do yo need more information?


Author Comment

ID: 17136796

Sorry iv just been looking into what you have all talked about.

My current cards will only go up to wep 128bit so im looking into getting new cards that use WPA, but before i do this i want to make sure WPA is ok to use, Chatable  says "WPA is even stronger but it's not practical for home networks"

From what you have warned about and my current location i think that "XP login, MAC filter, WEP, and hidden SSID" will be ok then maybe change the wep key every month or so, but generally I will be more protected ??? which is all you can do really, its just this WPA stuff Im going to look into more !
LVL 14

Expert Comment

ID: 17137771
Its all relative.  Security is not  a single layer solution.  The wireless SOHO routers offer 3 options to enable for security.  The 802.11g routers offers an improvement on WEP; that's WPA.  

Another layer in this; assuming that your desktop is the intended target is Window's file security.  If you want to add one more layer; you can monitor traffic via a sniffer, if you are curious about what is hitting your shared folder.  (Its a freebie....  if you have a managed switch, you can use this to see ALL of the port traffic, the unmanaged devices you can only see traffic on the one port where the app is installed)

another thought is that you can always turn off the wireless protion of the router when you are not using it; if its not on, no one can get in.

Whether or not you buy the more secured device is really up to you.  Everyone is saying get the best security possible.  If we take a look at an anology to a vault or safe.  The most secure safe is a bank vault that can be rated as being compromiseable in 50 man hours (say).   You buy a safe that is rated as being able to be compromised in 6 man hours
(WEP) for $$.  A newer safe hits the market with a rating of being able to be compromised in 10 man hours at a cost of $$; its more secure than the the previous safe.  Do you buy it?

If you think you need it, then buy it.  But just as a fyi, when I was using 802.11b; WEP was OK for me.  But then again my only concern was someone leeching internet service from me.  My biggest hinderance was; 1 the latop still had to connected to a power outlet especially for long periods of use, and 2. wired connections beats wireless in terms of thru put any day.

Sorry for the long winded epilog.  Hope it helps you decide definitively.  And thanks for the points...


Author Comment

ID: 17138963

Just a Quick question you said that "WPA is even stronger but it's not practical for home networks" ... what did you mean by this ??

I only have two machines and to maintain at home and I would class my PC knowledge as pritty high !

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Change Polcy settings to defaults 7 95
bypass UAC - always notifiy 4 78
Server 2008-R2 lost password 19 109
UAC Controls - confused 9 94
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a recent question ( here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question