Does your customer still have an unencrypted wireless network? Don't let them get away with it. Let this tip, courtesy of SearchWindowsSecurity.com, help you understand the difference between WPA and WEP, and make a strong recommendation
for network protection.
You wouldn't design a network with Internet access without a firewall, so why would you have an unencrypted wireless network? Understanding wireless encryption is essential to deploying a secure wireless network.
The security of a wireless transmission is analogous to a written message. There are a variety of ways to send a written message and each provides an increased level of security and protects the integrity of the message. You could send a postcard, but the message is then open for all to see. You can enclose the message inside of an envelope and that will protect it from casual compromise. If you really want to ensure that only the intended recipient can view the message though, you would need to scramble or encode it somehow and make sure the recipient knew the method for decoding it.
The same thing is true with wireless data transmission. Raw wireless data, with no encryption, is just flying through the air for any nearby wireless devices to potentially intercept.
Encrypting your customer's wireless network using Wired Equivalent Privacy (WEP) affords minimal security because the encryption is easily cracked. If you really want to protect your customer's wireless data, you need to use more secure encryption schemes such as Wi-Fi Protected Access (WPA). To help you understand the options, here is a brief outline of some of the wireless encryption and security technologies available:
- WEP (Wired Equivalent Privacy). WEP was the encryption scheme hastily thrown together as a pseudo-standard by vendors who were in a hurry to start producing wireless equipment before the protocol standards were finalized. As a result, it was later found to have holes that are easily exploitable by even a novice attacker.
- WPA (Wi-Fi Protected Access). WPA was created to improve on or replace the flawed WEP encryption. WPA provides much stronger encryption than WEP and addresses a number of WEP weaknesses.
- TKIP (Temporal Key Integrity Protocol). TKIP is the underlying technology which allows WPA to be backwards compatible with WEP and existing wireless hardware. TKIP works in conjunction with WEP and institutes a longer key, 128-bits, as well as changing the key on a per-packet basis to make it exponentially more secure than WEP alone.
- EAP (Extensible Authentication Protocol). With EAP support, WPA encryption provides more functionality related to controlling access to the wireless network based on PKI (Public Key Infrastructure) keys rather than filtering only based on MAC addresses which can be captured and spoofed.
While WPA, and the improvements it brings over WEP, is exponentially more secure than WEP, any encryption is better than no encryption at all. If WEP is the only protection available on your customer's wireless equipment, it will still deter casual compromise of wireless data and send most novice attackers searching for an unprotected wireless network to exploit.
About the author
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the author of the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information.
This tip originally appeared on SearchWindowsSecurity.com.
This was first published in December 2006