Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's wireless networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive. The questions below and more will be answered in hope that the importance of securing your home network will be understood.
Many people question the wireless security or encryption of their home networks with questions like...
1. What is encryption?
2. What are the different types?
3. What's the best encryption?
4. Why encrypt my home network?
Questions like the above ones and more are answered in
Wireless Security: The Breakdown.
What is encryption?
Simply put, encryption is the activity of converting data or information into code so that it cannot be viewed by those not intended to view it. Encryption dates back far beyond the years of any computer, thousands of years before in fact. Julius Caesar used encryption: he wrote letters to his men with instructions, locations, names, etc.
The following is an example of some early encryption utilized by Caesar and his men.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
If Julius Caesar wanted to write a letter to his men he would move each letter 5 spots to the right. If his letter wanted to say "attack" it would read "FYYFHP". Now, I realize that this is not a very hard algorithm to break, but nonetheless it is an example of encryption in some of its earliest days.
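The shift-by-5 scheme above, worked through as an added example (not part of the original article). It also shows why the scheme is easy to break: there are only 25 possible shifts to try. The function names and the small COMMON_WORDS list are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # the A..Z row shown above

def caesar_shift(text: str, shift: int) -> str:
    """Move every letter `shift` places along the alphabet, wrapping at Z."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def encrypt(plaintext: str, shift: int = 5) -> str:
    return caesar_shift(plaintext, shift)

def decrypt(ciphertext: str, shift: int = 5) -> str:
    return caesar_shift(ciphertext, -shift)

def all_candidates(ciphertext: str) -> dict:
    """The whole key space: one candidate plaintext per possible shift."""
    return {s: caesar_shift(ciphertext, -s) for s in range(1, 26)}

# Constructed word list used only to recognise a readable candidate.
COMMON_WORDS = {"ATTACK", "RETREAT", "AT", "DAWN", "THE"}

def recover_shift(ciphertext: str):
    """Return (shift, plaintext) for the candidate with the most known words."""
    best, best_hits = None, 0
    for shift, candidate in all_candidates(ciphertext).items():
        hits = sum(word in COMMON_WORDS for word in candidate.split())
        if hits > best_hits:
            best, best_hits = (shift, candidate), hits
    return best

if __name__ == "__main__":
    secret = encrypt("attack")
    print(secret)                 # FYYFHP, as in the text
    print(recover_shift(secret))  # the key falls out after at most 25 tries
```

A key space of 25 is why the cipher offers no real protection; modern Wi-Fi encryption relies on key spaces far too large to try exhaustively.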
Now, pretty much all Wi-Fi equipment supports some form of encryption. Several encryption technologies exist for Wi-Fi today (which I go over below). Naturally you will want to pick the strongest form of encryption for your wireless network (the stronger the encryption, the harder to crack n' hack). However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Some devices on your network may support one kind but some other devices may not. Therefore you may need to find a "lowest common denominator" setting, or the type that is supported by all devices connecting to the network.
What are the different types of encryption?
There are a few different types of encryption methods and some options that go with some of these. The following are the most common and are the ones I will be discussing. I will also discuss the MAC Filter option.
1) WEP
2) WPA 1/2
3) MAC Filtering
WEP (Wired Equivalent Privacy)
WEP was an early attempt to secure wireless networks. WEP has three settings:
Off (no security), 64-bit (weak security), 128-bit (a bit better security). The WEP concept of shared key passphrase is introduced so that you do not have to enter complicated strings for keys by hand. The passphrase you enter is converted into complicated keys. Choose passphrases with the same care you would important passwords.
- You need to enter a passphrase to generate each key.
- To access your network all devices must use the same passphrases (i.e., the same keys).
I won't go into the cipher stream and checksums utilized by WEP, but needless to say it is now considered a "deprecated" protocol as it only takes minutes to crack a WEP key with the correct tools (i.e., software). However, it is still used by many as it's usually the first option offered to the user when setting up security on their devices.
WPA and WPA2 (Wi-Fi Protected Access)
WPA is another wireless security option created in response to several serious weaknesses researchers had found in the previous system, WEP.
WPA addresses the shortcomings of WEP and is far more difficult to hack. WPA came out around 2002. The geek next door may take 10 minutes to hack your WEP, but may take a day or two to hack WPA. WPA was the interim format while WPA2 is the final, more secure, version.
You also may see the following when setting up your security.
TKIP (Temporal Key Integrity Protocol) is used within WPA above. This solution is very hard to hack but there is a flaw in the encryption which presents a slight vulnerability. The great thing about TKIP is it is compatible with older hardware (pre-2003 wireless network cards).
AES is not compatible with pre-2003 hardware but is almost impossible to hack if a good key/passphrase is chosen. AES has been adopted by the US government as their standard encryption. It is used in WPA2.
One thing to remember is that all of the above use PSK (Pre-Shared Key), which just means you have chosen a passphrase or key that will be known by the router and the computer so they can connect to each other. To give someone access to your network they must have this key (unless they hack in).
MAC Filtering
Each device has a unique identifier or MAC (Media Access Control) Address that can be used to identify device A from device B.
MAC Filtering is a router function that can be set to only allow certain MAC addresses to communicate on that network. If MAC filtering is on, then a computer's MAC address will need to be manually entered on that router in order for the computer to access the network.
Now this seems nice and I myself have used this briefly. However, with certain tools (i.e., software) a "culprit" can mimic MAC addresses and connect to your network. Well, you may ask, how does he know my MAC address? The following answers that:
So, let's say a somewhat knowledgeable hacker is interested in accessing your WiFi hotspot - the one on which you have MAC address filtering turned on. He need only do two things:
- Sniff the network and look at the MAC addresses which are allowed access to the network.
- Configure his network interface to use one of those MAC addresses using certain software.
You can, however, use MAC Filtering in conjunction with WEP or WPA1/2 if you're feeling vulnerable :)
What's the best encryption to use?
WPA2 with AES is the best encryption option to use for your home network. It is the newest, so most of the kinks from previous versions and previous options have been worked out.
Like I stated above, all the options use PSK (pre-shared key), therefore you must create a passphrase or password to gain access to the network. The important thing to remember is to make your passphrase difficult. You don't want it to be as simple as your address or phone number. Choose carefully.
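How a WPA/WPA2 pre-shared key comes out of the passphrase you choose, as an added example (not part of the original article). WPA2-PSK derives its 256-bit key with PBKDF2-HMAC-SHA1 over the passphrase, using the network name (SSID) as salt and 4096 iterations. The function names, sample passphrases and SSIDs are constructed, and the strength figure is a rough upper bound that assumes randomly chosen characters.

```python
import hashlib
import math
import string

def validate_passphrase(passphrase: str) -> None:
    """A WPA/WPA2 passphrase is 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort in bits, assuming every character was
    picked at random from the classes used. Names, words, addresses and
    phone numbers are far weaker than this figure suggests."""
    validate_passphrase(passphrase)
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool)

if __name__ == "__main__":
    # Constructed samples: a phone-number style passphrase and a random one.
    for sample in ("5551234567", "t7#Qz!m2Lr9^Xw4&"):
        print(f"{sample!r}: at most {search_space_bits(sample):.0f} bits")
    # The SSID is the salt, so one passphrase gives different keys per network.
    print(derive_psk("t7#Qz!m2Lr9^Xw4&", "HomeNet").hex())
    print(derive_psk("t7#Qz!m2Lr9^Xw4&", "OtherNet").hex())
```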
Why encrypt my home network?
Encryption is used not only to prevent unauthorized connections to your network but also to encrypt the data that you're transferring. If your network is unsecured, then any "joe blow" off the street can connect and get personal information. This can also happen if your security is weak (i.e., a weak passphrase).
Not only is personal information at risk, but the more people connected to your network the slower it will run. I don't know about any of you but I pay for my internet so I can use it, not some humbum down the street.
I hope you enjoyed reading my excerpt on Wireless Security. So what we've learned is:
1. What encryption is.
2. What the different types are.
3. What are the pros and cons of each.
4. Why you should secure your home network.
HAPPY SECURING!
RICK