Which type of Wireless Security is best?
If you remember a little while back I wrote an article on wireless security and I briefly mentioned that you should make sure that its turned on, and I mentioned that at a minimum you need to have WPA.
Now is the time to explain the differences between the different types so you can understand why I make the recomendations that I do.
There are 3 main types of Wireless security for your router. They are WEP, WPA and WPA2.
WEP Encryption – (Wired Equivalent Privacy) 1997
This form of security has a few flaws. The most noticeable being that the encryption is done in plain text. It can be set to handle 64 bit encryption and 128 bit as well. This format uses RC4 for its traffic key. This is a very short key, and requires less packets to determine the network password.
Tests have been done on secured WEP Networks, and the key was determined in about 1 minute. There are software packages that are readily available for people to download in order to hack into this type of network. The latest ports have even been setup for the iPhone. The info I saw showed an iPhone hacking a network in less than 2 minutes.
WPA – (WiFi Protected Access) 1999
This is still using the RC4 stream, but the key type was changed to TKIP (Temporal Key Integrity Protocol). This was designed to replace the older, failing WEP format. This format was designed to fix some of the flaws from WEP, but still needed to communicate with the older hardware. This meant that a flaw was available for hacking in order to find the key. This flaw is only able to decrypt short packets that were known to contain data.
WPA2 – 2006
This is a newer protocol, and might not work with all the older equipment that is still in some networks. Some hardware will need to be replaced, or if you are lucky just have the firmware updated.
Based on the WPA format, WPA2 uses a much stronger advanced encryption standard, rather than RC4.
With WPA2 being the stronger format available, this is the best option for your network. While nothing can ever be truly secure, there are steps that you can take to make it harder for hackers to retrieve your personal data.
1. SSID (Service Set IDentifier) – try not to use common words or names for your network. Use random letters B2BIR or pick an acronym that you can remember. ROY G BIV, JJASONDJFMAM, or SOHCAHTOA works for me.
2. Once you have the network setup there should be an option to disable broadcast of your SSID. This is why having a random acronym that you can remember makes it easier for you to enter your credentials
3. Turn on the MAC (Media Access Control) Filter. This means that only approved MAC addresses are allowed to connect to your network.
*note – While 99% of network cards have this information hard coded onto the hardware, there are some network cards allow you to type in your own MAC Address for the card. This is primarily used to hack networks and to bypass licensing restrictions for software. I own one of these cards, and they are extremely handy for those situations*
4. Change your Network Key in intervals, ie every 3 – 7 days. This is a manual process and requires all clients to update as well.
5. Use a NetBEUI protocol for file sharing (Advanced users only). As most people do not have this option enabled, and rather than using the IP address of the machine it uses the computer name to authenticate.
6. While setting up the DHCP (Dynamic Host Control Protocol) on the router, set the available amount of licenses that it delivers to the exact number of machines on your network.
7. Don’t use 192.168.0.1 as your default address for your router.
8. Change the admin login and password on your router.
While some of these are basic and should be done, others are more advanced, and unless you feel comfortable, should be avoided, or you might need a professionals help you to set these options in place. I am not able to post screen shots for setup as there are hundreds of manufacturers, and each one does things just a little bit differently.
I am happy to help you as much as I can through the comments, or I can do some consulting for you to assist with your setup.
Related posts
Is your Wireless Network secure?
Hello again!
I came across this issue the other day, as I recently moved into a new area. I didn’t have my Internet Connection setup, and I was just logging into my laptop to use my iPhone as a tethered device, so I could check my email, and surf a little as well.
Low and behold, I saw 10 different networks in my area. 9 of the 10 were secure. 7 using WPA and 2 using WEP. Of the 2 my preference is on WPA.
WPA stands for Wi-Fi Protected Access. This protocol was created after problems were found with the security of the WEP protocol. WEP stand for Wired Equivalency Privacy.
If you have a wireless router at home, and you are unsure if you network is secure, you can login to your router and check wireless security. There will be a setting there for WPA, and it will ask you to generate a passphrase or a key depending on the router.
Once this key is generated you will be able to add this to your connection, and know that your network is more secure, as people will need this key in order to log in to your network.
As I am writing this, I am logged into an unsecured network, and I am able to see all the other PCs that are on the network for this user. I may or may not be able to log in to each PC, but I am still able to access the Internet, and if you have a limit on bandwidth, then other people might start large downloads, or play games, watch movies etc. All the time they spend on the Internet is on your dime!
If you have any questions about securing your wireless network, leave a comment, and I will do my best to answer your questions.
Related posts
Categories: Computers, Hardware, Tips and Tricks Tags: Networking, WiFi
