Skip to Content
Skip to Table of Contents

← Previous Article Next Article →

ATPM 10.07
July 2004

Columns

How To

Extras

Reviews

Download ATPM 10.07

Choose a format:

Networks in Action

by Matthew Glidden, mglidden@atpm.com

Using WEP Security on an AirPort Network

Introduction

You and your wireless network get along very well. It moves files where you need them, checks Internet weather when asked, and says nice things about your friends and relatives. It’s your metaphorical family dog that runs on electricity. This dog is friendly, though. Very friendly. Did you know that anyone near your house, even across the street, can call and ask your dog to fetch stuff for them? If not, it’s time for network obedience school.

Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is a way to protect network data moving from the AirPort Base Station (or ad hoc connection) to your computers. Using a specially generated software “key,” it scrambles the data. You need the key to unlock the data, so even if someone is listening in, it’ll look like garbage. WEP doesn’t keep them from receiving the wireless signal (nothing can, outside of shielding your walls and windows), but the data is useless without the key.

Someone Wrote It; It Must Be True

Many know WEP only by rumors of its design flaws. No lie—it’s not the world’s best security mechanism. However, it’s still practical for the standard home or small office user. Consider that the people you’re protecting against will steer clear of networks with any kind of security. Why break in through an upstairs window when the next house’s door is open? Just enabling WEP is most of the battle. Change the network key every week for even more security.

WEP and AirPort

Wireless products must support 64-bit WEP to be certified Wi-Fi compliant. There is also 128-bit WEP, but this article sticks to 64-bit, which all AirPort models support. Wi-Fi compliance shows as a logo on the box or Internet product description.

n-wifi

Assuming your network is already running, open the AirPort Admin Utility from the Utilities folder of your Applications directory. You should see your Base Station. If you don’t, verify that the Base Station’s power is on, then push Rescan.

n-base_station

Double-click the AirPort name (Steve in my example) or select Configure to open the preferences window. This shows the summary page, which includes WEP details when they’re enabled. For now, it should say “not configured.”

To enable WEP, select the Name and Password tab, then check Enable Encryption. Select Change Password… to open a window where you enter the new password twice. Then select Update to save the changes. Once the Base Station restarts, select it from the AirPort menu. If it asks for the password, enter it and save it to the keychain. Now the summary screen shows your Wireless Hex Equivalent Password.

n-password

Other Macs should do likewise—select the AirPort from the menu and enter the password to join. The password should be saved in the keychain, so you only need enter it once. Change this password any time you like using the same steps, or from the Show All Settings page.

n-show_all

Connecting a Windows 2000 system to my AirPort network required entering the Wireless Hex Equivalent Password, so you may need to write this down and carry it to the other computers. Macs should be able to use the password instead. (Your AirPort uses the password to generate the hex sequence, so the same password always generates the same hex values.)

Change your password weekly on home networks and more often on ones that see heavy use. This prevents snoopers from sitting and listening to traffic long enough to break the encryption scheme (very few will attempt this). Each new password renders any previous snooping useless.

Summary

WEP is a snap to enable, and its mere presence defends you from the majority of drive-by wireless thieves. Don’t let this security tool just sit in the box—protect your data before someone makes you wish you had.

appleCopyright © 2004 Matthew Glidden, mglidden@atpm.com. Matthew Glidden is the webmaster of Threemacs.com, a guide to constructing and maintaining home and small-office Macintosh networks. He can also tango and juggle, not necessarily at the same time.

Also in This Series

Reader Comments (8)

Ken Ben · July 2, 2004 - 17:29 EST #1
(rubs eyes) I had to check the date on this article. 2004? And someone is still advocating the use of WEP? Get with the times, Apple has wisely upgraded AirPort with support for WPA encryption, and all security-conscious Mac users should be using WPA now, not WEP. WPA addresses the shortcomings of WEP and is far, far more secure.
Jeffrey Mindich · July 4, 2004 - 08:41 EST #2
Hate to have to agree with Ken, but he's right. The only people who might opt for WEP would be those using a non-Apple brand of WiFi base station that doesn't have WPA capability. Also, some non-Mac notebooks may use wireless cards which aren't WPA compliant, in which case you have to use WEP if you want those computers to be able to share the network. Otherwise, WEP is destined for, if not already in, the dustbin.
Matthew Glidden (ATPM Staff) · July 6, 2004 - 00:30 EST #3
In my case, Mac OS 10.2.8 and the original AirPort are the products in use, so it's possible I can't run the latest and greatest. If the 3.4.1 AirPort software adds the WPA support (for 10.3+), that's probably why--if it's available to 10.2 users, please let us all know.
eric · January 22, 2006 - 09:45 EST #4
Get over yourselves. It's 2006 as I write this, and two of the six devices I network wirelessly in my home are WEP-only, no WPA, never will be.

That said, WEP is definitely at least an order of magnitude more difficult to implement than it needs to be....
Danny Spell · January 31, 2007 - 20:01 EST #5
Does an Airport card allow one to specify which WEP key to configure? On our network, we use the second key, not the first. On Windoze we can configure this, but on the Mac using Airport, we can't find where this is configured.
Lee Bennett (ATPM Staff) · January 31, 2007 - 22:01 EST #6
Danny - this slashdot forum item is the best discussion I found on this topic. Hopefully it'll provide the answer you need. Be sure to scroll down past the initial post to read the discussions.
John Sawyer · May 21, 2007 - 17:44 EST #7
Don't be misled by Eric's odd ideas above. I'm curious what he meant, when he said "get over yourselves", especially when he followed it up with "it's 2006". In 2004, it was pretty easy to break WEP quickly, and by 2006, it was even easier--by some estimates, it can take as little as five minutes, using various cracking tools. Eric seems to be boasting that he's using WEP--having a network that's easy to piggyback onto isn't much of a thing to boast about. Though some areas still have some people who haven't activated either WEP or WPA, the number is becoming fewer and fewer, and so crackers now concentrate on networks "protected" by WEP, instead of moving on to a totally unprotected network, since those might be harder to find than a WEP-"protected" network. I should point out that to break WEP (or WPA), active traffic needs to be occurring, so a cracker can't (as far as I know) figure out your WEP password unless someone is using your wireless connection, but someone correct me if I'm wrong about that.
Kynan C · July 21, 2007 - 19:28 EST #8
Your correct John you have to monitor network traffic but its so easy to do. WEP and security shouldn't be used in the same sentence.
Overview of WEP packets, (I'm locked I'm locked I'm locked I'm locked I'm locked I'm locked I'm locked here's the key) :()

Add A Comment





 E-mail me new comments on this article