2016-01-28

2016.0128.WEP.WPA


Choosing the right security configuration for your wireless network is very important, especially because hacking is so easy now. Free software tools are now easily available that make it trivial for even unsophisticated "script kiddies" to break into secured wireless networks. Securing your Wi-Fi network with a password is the first step but its efficacy is very low if the security method chosen is WEP. Passwords for Wi-Fi networks secured with WEP can usually be cracked within minutes.[1] WPA2 is the recommended security method for wireless networks today.

Comparison chart

Stands for
  • WEP: Wired Equivalent Privacy
  • WPA: Wi-Fi Protected Access

What is it?
  • WEP: A security protocol for wireless networks introduced in 1999 to provide data confidentiality comparable to a traditional wired network.
  • WPA: A security protocol developed by the Wi-Fi Alliance in 2003 for use in securing wireless networks; designed to replace the WEP protocol.

Methods
  • WEP: Through the use of a security algorithm for IEEE 802.11 wireless networks it works to create a wireless network that is as secure as a wired network.
  • WPA: As a temporary solution to WEP's problems, WPA still uses WEP's insecure RC4 stream cipher but provides extra security through TKIP.

Uses
  • WEP: Wireless security through the use of an encryption key.
  • WPA: Wireless security through the use of a password.

Authentication method
  • WEP: Open system authentication or shared key authentication
  • WPA: Authentication through the use of a 64 digit hexadecimal key or an 8 to 63 character passcode.

WEP and WPA security options while connecting to a wireless network

Encryption in a Wi-Fi network

It is possible to "sniff" data being exchanged on a wireless network. This means that if the wireless network is "open" (requires no password), a hacker can access any information transferred between a computer and the wireless router. Not having your Wi-Fi network password-protected also creates problems such as an intruder piggy-backing on your Internet connection, thereby slowing it down or even illegally downloading copyrighted content.
Securing a Wi-Fi network with a password is, therefore, absolutely essential. WEP and WPA are the two security methods supported almost universally by routers and the devices that connect to them, such as computers, printers, phones or tablets. WEP (Wired Equivalent Privacy) was introduced when the 802.11 standard for Wi-Fi networks was launched. It allows the use of a 64-bit or 128-bit key. However, researchers discovered vulnerabilities in WEP in 2001 and proved that it was possible to break into any WEP network by using a brute-force method to decipher the key. Using WEP is not recommended.
WPA, which stands for Wi-Fi Protected Access, is a newer standard and is much more secure. The first iteration of the WPA protocol used the same cipher (RC4) as WEP but added TKIP (Temporal Key Integrity Protocol) to make it harder to decipher the key. The next version - WPA2 - replaced RC4 with AES (Advanced Encryption Standard) and replaced TKIP with CCMP (Counter mode with Cipher block chaining Message authentication code Protocol). This made WPA2 a better and more secure configuration compared with WPA. WPA2 has two flavors - personal and enterprise.

Other Wi-Fi security best practices

Choosing WPA2 is a good start but there are other things you can do to make your Wi-Fi network even more secure. For example,
  • Do not broadcast SSID: The SSID is the name of the Wi-Fi network. By not broadcasting the SSID, the wireless network becomes "hidden". It will still show up in network scans by devices but they would only see it as "Unidentified Network". When the network broadcasts its SSID (name), the hacker only has to decipher the password. But when the network name is unknown, logging on to the network requires the intruder to know not only the password but also the SSID.
  • Use a strong password: This one is obvious but bears a mention because it is very important. Computers are very powerful and cloud computing has made it very cheap and easy to rent extraordinarily large raw computational power. This makes brute-force attacks possible, where the hacker tries every combination of letters and numbers until the key is deciphered. A good password has the following characteristics:
    • is longer than 10 characters
    • uses a healthy mix of characters — upper case, lower case, numbers and special characters like ^*
    • is not easily guessable, like a birthday, or name of a family member or pet name
  • Change the default IP address of the router: Virtually all wireless routers are preconfigured to use 192.168.1.1 as the IP address of the router on the network it creates. There are some sophisticated exploits that use this common setting to transmit the infection to the router, thereby compromising not just one computer but all Internet traffic that goes via the router from any device. It is advisable to change the router's IP address to something else, such as 192.168.37.201.
  • Security measures

    There are a range of wireless security measures, of varying effectiveness and practicality.

    SSID hiding

    A simple but ineffective method to attempt to secure a wireless network is to hide the SSID (Service Set Identifier).[15] This provides very little protection against anything but the most casual intrusion efforts.

    MAC ID filtering

    One of the simplest techniques is to only allow access from known, pre-approved MAC addresses. Most wireless access points contain some type of MAC ID filtering. However, an attacker can simply sniff the MAC address of an authorized client and spoof this address.

    Static IP addressing

    Typical wireless access points provide IP addresses to clients via DHCP. Requiring clients to set their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.[15]
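
The 8 to 63 character passcode and the 64 digit hexadecimal key in the comparison chart are two forms of the same WPA/WPA2-Personal secret: the passphrase is stretched with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt) into a 256-bit key. The Python sketch below is an added example, not part of the original article; it checks a passphrase against the article's strong-password rules and derives that key. The function names, sample passphrase and SSIDs are constructed for illustration.

```python
import hashlib
import string

# Character classes from the article's "healthy mix" rule.
CLASSES = {
    "lower case": string.ascii_lowercase,
    "upper case": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def check_passphrase(passphrase):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    # Protocol limit for WPA/WPA2-Personal: 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        problems.append("must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("must be printable ASCII")
    # Article's recommendations. "Not easily guessable" needs human judgement
    # and is not checked here.
    if len(passphrase) <= 10:
        problems.append("should be longer than 10 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            problems.append("missing " + name)
    return problems

def derive_psk(passphrase, ssid):
    """Derive the 64-hex-digit pre-shared key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )
    return key.hex()

# Constructed sample values, not taken from any real network.
SAMPLE_PASSPHRASE = "Blue^Kettle*42-Harbor"

if __name__ == "__main__":
    print(check_passphrase("password"))       # weak: several rules fail
    print(check_passphrase(SAMPLE_PASSPHRASE))
    # The SSID is the salt, so the same passphrase gives a different key
    # on each network name.
    for ssid in ("HomeNet-A", "HomeNet-B"):
        print(ssid, derive_psk(SAMPLE_PASSPHRASE, ssid))
```

Because the network name is mixed into the key, a passphrase that is both weak and paired with a factory-default SSID is the combination most exposed to precomputed guessing.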
     
PHV.DCXXIV.2016.0128