« Java developers - test Cobia SDK | Main | Harrington's views on Cobia »

April 12, 2007

Bury WEP already - WEP R.I.P.

Wep_tombstone The WEP patient has been on life support for too long. Zero brain activity. Everyone agrees WEP should never be used now that WPA-PSK ships in all wireless equipment. Here are some other views on the subject (here, here and here)

I installed a WAP a couple of months ago and was surprised to see WEP there, right along with WPA and other options.

I haven't ranted about this in a while but if we are ever to truly improve security then it has to be automatic. We cannot rely on every end user to configure their own computer, wireless access point, etc., for appropriate security settings, more-or-less many basic security settings.

First of all, why is WEP even an option in ANY wireless access point. (That's a statement, not a question.) Get rid of it! Hit it with the degausser. Drop a small nuclear EMP device on that code. Take it out! No one should be using it.

Next, require the user to change the initial password and SSID on first time setup. How many Linksys, Netgear, etc., devices are sitting out there in homes and businesses with "admin/123" for the user id and password. Come on, lets at least get the basics right. Worried about too many calls to the product help desk when users forget the password they used? Request an email address so the WAP will email their password to them. Give them help text when they log in showing them how to reset to factory defaults if they forget their password. Forget the password, you have to reset and configure the device. That's a small penalty for the user to pay for not remembering their password.

Next, ship all wireless access points with at least WPA-PSK enabled and require the pre-shared key be set upon first time use. Don't ship the thing with no security enabled. That's stupid. It would be like buying a new house but locks on doors would be an upgrade. Get real. Let's help users security their networks.

We as an industry must get smarter about how we help customers help themselves and not install equipment that is unsecure right out of the box.

And please, lets have the funeral for WEP so all of us can move on.

Posted |

|

Comments

The comments to this entry are closed.

What I Do

  • product creator, software developer, IT, mobility, smartphones, productivity, musician, guitarist, social media, cloud services, virtualization, security, broadband, data networking, open source, blogger
  • I like to talk about...
    iPhone, iPad, Google Android, smartphones, apps, tablets, graphics cards, laptops, desktops, netbooks, Windows 7, MS Office, Windows Server 2008, .Net, Java, Linux, VMware, Hyper-V, Citrix Xen, application virtualization, gaming, MMOs, Fender guitars, Stratocaster, Telecaster, guitar amps, studio recording, praise and worship music, song writing...

Social Networks

Mitchell Ashley's Profile
Mitchell Ashley's Facebook Profile
Create Your Badge

My Blogs

Categories

Archives

More...

Book Quote

Misc

Blog powered by Typepad

Enter your email address:

Delivered by FeedBurner

Check This Out

Disclaimer

  • Everything on this blog and my podcast are only my views and opinions, and are not those of my current or past employers, investors, customers or anybody else. I make no representations as to the accuracy, validity, relevance or importance of anything I say here. Some of what is said here could very well be true (most likely by accident), a lot of it is obviously made up, and all of it is only one man's opinion. All spelling and grammatical errors are purposefully placed to throw any lawyers off the trail. And if you are a lawyer, "move along... this isn't the blog you're looking for". Read and listen entirely at your own risk, and please, don't try any of this at home (work or school.) Now, get back to work - before somebody catches you reading blogs all day instead of doing something productive. And yes, consider yourself notified.