Good, Bad and Best Practices
by Richard Stokes
There are literally millions of wireless access points globally, everything from hotspots that grant you Internet access at a Starbucks to wireless networks that people use at home or at their place of business.
Wireless is cool, relatively simple to deploy and works well but it does have a major security concern. A traditional wired-only network – where computers plug in to a wall jack – confines electronic data within the four walls of the office. The only real security concern then becomes physical security and the Internet connection that brings the cyber world to your doorstep. When a wireless network is introduced, electronic data moves outside of your four walls and potentially allows outsiders a much easier way to gain access to electronic information. This introduces more security risks.
When wireless started getting popular, security standards were developed. The first standard, in 1999, was called WEP (Wired Equivalent Privacy). It was designed to provide similar levels of security to those found on a wired network.
Here’s how WEP works:
- Both the Wireless Access Point (WAP; hardware) and the connecting user are configured with an encryption key
- When the user attempts to connect, the WAP issues a random challenge (request for password)
- The user then returns the challenge (enters the password), encrypted with the key
- The WAP decrypts the challenge and if it matches then the user is granted access
In 2005, (SIX YEARS AGO!) the FBI demonstrated the 3-minute WEP crack using tools readily available on the Internet.
So, what should you do? Ditch WEP and go to either WPA or WPA2. WPA stands for WiFi Protected Access. WPA redesigns WEP, fixing the major security holes. WPA2 is the newest design, from the ground up, introduced by the WiFi Alliance; it is also referred to as 802.11i. The biggest differences between WPA (or WPA2) and WEP are twofold: 1) the encryption algorithm is much stronger and 2) they use a dynamic encryption key, meaning it constantly changes (500 trillion possible combinations) making it much harder for people to crack.
What’s the difference between WPA and WPA2? In simple terms, WPA is good; WEP is bad; and WPA2 is the best practice. That doesn’t mean WPA or WPA2 can’t get hacked: you still have to be smart and come up with a strong password or passphrase. For more information on passwords, check out our previous blog post entitled, “Protect Your Facebook Account: How Hackers Access Your Social Network Account”.