How Can I Protect My Wireless?
You just got a new wireless device for your office. Now all you have to do is set it up. Should be as simple as plugging in a few cords. But then you get around to setting up your new wireless network, and the router asks what protocol you would like the signal encrypted in. Over the years the options have grown, and they haven’t gotten any clearer on what, exactly, the best encryption method is.
Encryption
Let’s first talk about what encryption is and why it’s important. Wireless encryption is a way to scramble your wireless signal so that no one can “listen in” on your network. Without network encryption anyone would be able to see the web pages you visit, the messages you send, and, in some cases, sensitive data that you send over your wireless signal.
Even more than that, access to your network means that the hacker would be able to use your network to do any nefarious activity they wished. They can reroute their traffic so it looks like it’s coming from your router. This means that if they’d like to use your router to form a botnet, or send malicious spam, or pirate copyright-protected material, or whatever other illegal activity they choose, it will be your home or business the police visit.
WEP - Wired Equivalent Privacty
When it comes to encrypting your network you have two different choices: WEP and WPA.
WEP stands for Wired Equivalent Privacy. WEP is a type of open authentication protocol. Open authentication allows any device to authenticate and then attempt to communicate with the router or access point. Any device which WEP keys match the access point’s WEP key can communicate with it.
WEP meets its weakness in the form of repetition. With WEP everyone on the network is sharing the same key in order to communicate with the server. Because of this, the more people you have connecting to your network and the longer the WEP key remains unchanged the less secure the overall connection is.
Another large downfall of the WEP encryption method is in the fact that it provides no cryptography integration check. This has the potential to allow malicious packets through the network, putting all the devices on the network at risk.
With the computing power available today, WEP encryption can easily be hacked within minutes using freely available software one can find online. In fact, back in 2004 the Wi Fi Alliance officially retired this security protocol. Despite this, it is still a widely used method for encryption on many home and business wifi networks.
WPA - WiFi Protected Access
WPA (which stands for WiFi Protected Access) was the Wi Fi Alliance’s response to the vulnerabilities found in WEP. The keys used by the WPA protocol use 256-bit encryption, which is significantly more secure than WEP’s 64-bit and 128-bit encryption keys. WPA also brings to the table a multitude of different security measures to ensure no one is trying to hack into your network. WPA uses message integrity checks, which can be used to determine if an attacker has captured or altered any packets being passed between the access point and client device. It also uses TKIP (Temporal Key Integrity Protocol). TKIP is a network protocol the employs a per-packet key system, which is tremendously more secure than WEP’s fixed key system. TKIP was later replaced with AES (Advanced Encryption Standard) which is even more secure.
Unfortunately, even WPA is vulnerable. Interestingly enough, WPA’s main vulnerabilities lie in a supplementary system that was rolled out with WPA-WiFi protected Setup (WPS). This was a protocol designed to make it easy to link devices to modern access points. And, unfortunately, is also easily exploitable.
WPA2 - WiFi Protected Access II
As of 2006 WPA has officially been superseded by WPA2 (Wifi Protected Access II). The WPA2 protocol mandates the use of AES algorithms as opposed to allowing the less secure TKIP. It also introduced CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) to further secure its network.
Unfortunately, the same vulnerability that is present in the WPA protocol is also found in WPA2 - WPS. This feature should be disabled on all access points and routers in order to maintain a more secure network.
A Summary
Still confused as to wifi security method is best for your business? Below is a list of security methods ranks from most vulnerable to most secure. Ideally, you should pick the most secure wifi protocol that your router supports.
Open Network (no password or security)
WEP
WPA + TKIP
WPA + TKIP/AES (meaning TKIP is an available fallback method)
WPA + AES
WPA2 + AES
Happy computing!