You wouldn't design a network with Internet access without a firewall, so why would you have an unencrypted wireless network? Understanding wireless encryption is essential to deploying a secure wireless network.
The security of a wireless transmission is analogous to a written message. There are a variety of ways to send a written message and each provides an increased level of security and protects the integrity of the message. You could send a postcard, but the message is then open for all to see. You can enclose the message inside of an envelope and that will protect it from casual compromise. If you really want to ensure that only the intended recipient can view the message though, you would need to scramble or encode it somehow and make sure the recipient knew the method for decoding it.
The same thing is true with wireless data transmission. Raw wireless data, with no encryption, is just flying through the air for any nearby wireless devices to potentially intercept.
Encrypting your wireless network using WEP (Wired Equivalent Privacy) affords minimal security because the encryption is easily cracked. If you really want your wireless data to be protected, you need to use more secure encryption schemes such as WPA. To help you understand the options, here is a brief outline of some of the wireless encryption and security technologies available:
- WEP (Wired Equivalent Privacy). WEP was the encryption scheme hastily thrown together as a pseudo-standard by vendors who were in a hurry to start producing wireless equipment before the protocol standards were finalized. As a result, it was later found to have holes that are easily exploitable by even a novice attacker.
(Wi-Fi Protected Access). WPA was created to improve on or replace the flawed WEP encryption. WPA
provides much stronger encryption than WEP and addresses a number of WEP weaknesses.
- TKIP (Temporal Key Integrity Protocol). TKIP is the underlying technology which allows WPA to be backwards compatible with WEP and existing wireless hardware. TKIP works in conjunction with WEP and institutes a longer key, 128-bits, as well as changing the key on a per-packet basis to make it exponentially more secure than WEP alone.
- EAP (Extensible Authentication Protocol). With EAP support, WPA encryption provides more functionality related to controlling access to the wireless network based on PKI (Public Key Infrastructure) keys rather than filtering only based on MAC addresses which can be captured and spoofed.
While WPA, and the improvements it brings over WEP, is exponentially more secure than WEP, any encryption is better than no encryption at all. If WEP is the only protection you have available on your wireless equipment, it will still deter casual compromise of your wireless data and send most novice attackers searching for an unprotected wireless network to exploit.
About the author:Tony Bradley is a consultant and writer with a focus on
network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing
a broad range of information security tips, advice, reviews and information. Tony also contributes
frequently to other industry publications. For a complete list of his freelance contributions you
can visit S3KUR3.
This was first published in March 2006