Tip

Know your wireless encryption options

You wouldn't design a network with Internet access without a firewall, so why would you have an unencrypted wireless network? Understanding wireless encryption is essential to deploying a secure wireless network.

Requires Free Membership to View

For more information:

The security of a wireless transmission is analogous to a written message. There are a variety of ways to send a written message and each provides an increased level of security and protects the integrity of the message. You could send a postcard, but the message is then open for all to see. You can enclose the message inside of an envelope and that will protect it from casual compromise. If you really want to ensure that only the intended recipient can view the message though, you would need to scramble or encode it somehow and make sure the recipient knew the method for decoding it.

The same thing is true with wireless data transmission. Raw wireless data, with no encryption, is just flying through the air for any nearby wireless devices to potentially intercept.

Encrypting your wireless network using WEP (Wired Equivalent Privacy) affords minimal security because the encryption is easily cracked. If you really want your wireless data to be protected, you need to use more secure encryption schemes such as WPA. To help you understand the options, here is a brief outline of some of the wireless encryption and security technologies available:

  • WEP (Wired Equivalent Privacy). WEP was the encryption scheme hastily thrown together as a pseudo-standard by vendors who were in a hurry to start producing wireless equipment before the protocol standards were finalized. As a result, it was later found to have holes that are easily exploitable by even a novice attacker.
  • WPA (Wi-Fi Protected Access). WPA was created to improve on or replace the flawed WEP encryption. WPA provides much stronger encryption than WEP and addresses a number of WEP weaknesses.
    1. TKIP (Temporal Key Integrity Protocol). TKIP is the underlying technology which allows WPA to be backwards compatible with WEP and existing wireless hardware. TKIP works in conjunction with WEP and institutes a longer key, 128-bits, as well as changing the key on a per-packet basis to make it exponentially more secure than WEP alone.
    2. EAP (Extensible Authentication Protocol). With EAP support, WPA encryption provides more functionality related to controlling access to the wireless network based on PKI (Public Key Infrastructure) keys rather than filtering only based on MAC addresses which can be captured and spoofed.

While WPA, and the improvements it brings over WEP, is exponentially more secure than WEP, any encryption is better than no encryption at all. If WEP is the only protection you have available on your wireless equipment, it will still deter casual compromise of your wireless data and send most novice attackers searching for an unprotected wireless network to exploit.


About the author:Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit S3KUR3.

This was first published in March 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.