Which type of Wireless Security is best?
If you remember, a little while back I wrote an article on wireless security in which I briefly mentioned that you should make sure that it's turned on, and that at a minimum you need to have WPA.
Now is the time to explain the differences between the different types so you can understand why I make the recommendations that I do.
There are 3 main types of Wireless security for your router. They are WEP, WPA and WPA2.
WEP Encryption – (Wired Equivalent Privacy) 1997
This form of security has a few flaws. The most noticeable is that the encryption is done in plain text. It can be set to handle 64 bit encryption and 128 bit as well. This format uses RC4 for its traffic key. This is a very short key, and requires fewer packets to determine the network password.
Tests have been done on secured WEP networks, and the key was determined in about 1 minute. There are software packages that are readily available for people to download in order to hack into this type of network. The latest ports have even been set up for the iPhone. The info I saw showed an iPhone hacking a network in less than 2 minutes.
WPA – (WiFi Protected Access) 1999
This is still using the RC4 stream, but the key type was changed to TKIP (Temporal Key Integrity Protocol). This was designed to replace the older, failing WEP format. This format was designed to fix some of the flaws from WEP, but still needed to communicate with the older hardware. This meant that a flaw was available for hacking in order to find the key. This flaw is only able to decrypt short packets that were known to contain data.
WPA2 – 2006
This is a newer protocol, and might not work with all the older equipment that is still in some networks. Some hardware will need to be replaced, or if you are lucky just have the firmware updated.
Based on the WPA format, WPA2 uses a much stronger advanced encryption standard, rather than RC4.
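To see which of the three types your own access points actually advertise, the following added example (not part of the original article) grades the output of `nmcli -t -f SSID,SECURITY device wifi list` on a Linux machine running NetworkManager. It assumes open networks appear with an empty or `--` security field, treats a mixed "WPA1 WPA2" network as WPA because older clients can still join with the weaker mode, and uses constructed SSIDs and scan lines.

```python
# Added example: grade your own SSIDs from `nmcli -t -f SSID,SECURITY device wifi list`.
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}  # article's order, weakest first

def split_terse(line):
    """Split one terse nmcli line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))   # escaped ':' or '\' is literal
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Return the weakest mode an access point still accepts."""
    tokens = security.replace("--", "").split()
    if not tokens:
        return "OPEN"
    modes = set()
    for tok in tokens:
        if tok == "WEP":
            modes.add("WEP")
        elif tok in ("WPA", "WPA1"):
            modes.add("WPA")
        elif tok.startswith("WPA"):       # WPA2 or newer
            modes.add("WPA2")
    return min(modes, key=RANK.get) if modes else "UNKNOWN"

def audit(scan_text, my_ssids):
    """Map each of your SSIDs that is not WPA2-only to its weakest mode."""
    findings = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_terse(line) + [""])[:2]
        mode = classify(security)
        if ssid not in my_ssids or mode == "WPA2":
            continue
        prev = findings.get(ssid)
        if prev is None or RANK.get(mode, -1) < RANK.get(prev, -1):
            findings[ssid] = mode
    return findings

# Constructed sample scan output (not captured from a real network).
SAMPLE = "SOHCAHTOA:WPA2\nSOHCAHTOA-garage:WPA1 WPA2\nprinter\\:old:WEP\nguest:\nNeighbourNet:WEP\n"
MY_SSIDS = {"SOHCAHTOA", "SOHCAHTOA-garage", "printer:old", "guest"}

if __name__ == "__main__":
    for ssid, mode in sorted(audit(SAMPLE, MY_SSIDS).items()):
        print(f"{ssid}: {mode} -> reconfigure for WPA2 only")
```

Only the SSIDs listed in `MY_SSIDS` are reported, so the result is a to-do list for the equipment you administer.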
With WPA2 being the stronger format available, this is the best option for your network. While nothing can ever be truly secure, there are steps that you can take to make it harder for hackers to retrieve your personal data.
1. SSID (Service Set IDentifier) – try not to use common words or names for your network. Use random letters, such as B2BIR, or pick an acronym that you can remember. ROY G BIV, JJASONDJFMAM, or SOHCAHTOA work for me.
2. Once you have the network set up there should be an option to disable broadcast of your SSID. This is why having a random acronym that you can remember makes it easier for you to enter your credentials.
3. Turn on the MAC (Media Access Control) Filter. This means that only approved MAC addresses are allowed to connect to your network.
*note – While 99% of network cards have this information hard coded onto the hardware, there are some network cards that allow you to type in your own MAC address for the card. This is primarily used to hack networks and to bypass licensing restrictions for software. I own one of these cards, and they are extremely handy for those situations*
4. Change your Network Key in intervals, i.e. every 3 – 7 days. This is a manual process and requires all clients to update as well.
5. Use a NetBEUI protocol for file sharing (Advanced users only). Most people do not have this option enabled, and rather than using the IP address of the machine it uses the computer name to authenticate.
6. While setting up the DHCP (Dynamic Host Control Protocol) on the router, set the available number of licenses that it delivers to the exact number of machines on your network.
7. Don’t use 192.168.0.1 as your default address for your router.
8. Change the admin login and password on your router.
While some of these are basic and should be done, others are more advanced, and unless you feel comfortable, should be avoided, or you might need a professional's help to put these options in place. I am not able to post screenshots for setup as there are hundreds of manufacturers, and each one does things just a little bit differently.
I am happy to help you as much as I can through the comments, or I can do some consulting for you to assist with your setup.


















