The Linksys WAP Extender works - You need to make sure you run the software as well as make sure that your primary WAP it is extending is 802.11G as well.

I used them in 3 or 4 projects, they show up on the network as the same name as your inital WAP.

I totally understand that clients want things simple. That is the inherent contradiction between security (makes at least setup more complicated) and ease of use. However, hacking into your PC is not the only potential damage. What about using your internet connection and IP address to do illegal/immoral things? I would contend that at least setting 128-bit WEP (Wired Equivalent Protection my rear end) encryption should be doable. Leave the client with a paper copy of the key. Leave SSID broadcast on. (Gasp). Once they attempt to connect to the network, they will be prompted to enter the key. They enter it and voila - they're in. Of course, if you have a customer who is unwilling to listen/learn, there's nothing you can do. Ultimately, a determined and slightly skilled hacker can get into any wifi network. That doesn't mean they need to be invited.

To me, saying you only use it for e-mail and surfing the web is like saying you are leaving your keys in the convertable, the ignition running, the doors unlocked, and the windows and top down because you only use it for cruising along the beach. And please, understand, this is knocking the clients - not you, Alan. :)

No doubt it greatly depends upon the client, where they are, what type of person they are, who will typically be using the network, etc.

My father runs an wide open network at home. He doesn't have any neighbors that are close enough to his home that could pick up a signal, and the street is a good 50-100 yards away from the house. He actually has trouble getting signal in parts of his house, an old limestone house built in the early 1900's. So for him, a more technically niave individual, the easiest route is the best route.

Where I live though, where my neighbor's houses sit 20-30 feet from mine, a tightly packed neighborhood, on any given night I can see 2 to 3 wireless networks within range. So I'm in a position where I definitely should take all the required steps to ensure protection.

It's definitely a give and take situation, but as more and more people jump on the wireless bandwagon, and as more "Wi-Fi" products hit the market, security will become more and more of an issue.

I agree with you. On the other hand you might be surprised to learn how many wealthy clients do not turn on their security systems or keep their doors unlocked. Their answer when I enquire about this ( I make service calls to empty homes ) is that they have insurance. One other fact is that a malicious hacker already possesses the software and know-how to defeat WEP( or so the IT folks tell me. )

I jump on open networks everyday in NY. In is very kind of them when I am on job sites and need product information fast. What I think these very smart individuals do is make an informed risk assessment. Ease of use or access vs the risk of a malicious attack. The risk of a virus is much greater than the sort of attack you suppose but I again find myself arguing at the margins for I completely agree with you that at minimum no wireless network should broadcast its SSID and WEP encryption should be implemented. But ultimately the client is the final arbitor and determines how much risk he is willing to tollerate. We as information conduits need to provide accurate informatiion for him to assess that risk .

Alan

It's readily available. I can be through a 64-bit WEP encrypted system in under 5 minutes. 128 takes a little longer. Of course, that's using a means of intrusion that's easily detectable as it involves disconnecting an active connecition and logging packets as it reconnects. Passively (i.e. stealthily) takes slightly longer.

that's using a means

Ummm, I think the last thing I'd be worried about finding you in my home plugging and unplugging a Cat5 cable is my wireless network security.

Check that, make that the last thing YOU'D be worried about.....

:)

Toms Hardware did a two part series on cracking WEP, and if I remember correctly they did it through a single laptop.

Tom's Networking, 3-part +FBI article and two laptops. It can most certainly be done using a single laptop, though. :)