WEP vs WPA
Another question I get asked a lot is on Wireless security. People get very confused by the security options out there, and the industry doesn’t help by adding acronym after acronym. So what do you do? The answer is fairly simple – secure your network with WPA!!
There are lots of methods to use to secure your wireless network. The most common is WEP, but that is being replaced by the newer (and better) WPA protocol. You can also secure the network by allowing only specific computers on the network. This is simple to do, and doesn’t require security keys and messy settings. The problem with it is that the data you send wirelessly is not encrypted. With WEP and WPA, the data is encrypted.
What are these things anyway?
WEP or Wired Equivalent Privacy (see the Wiki for more info) is an encryption protocol developed in the late 1990’s to secure wireless networks. It offers 64bit and 128 bit encryption using a key generated by a passphrase you enter, but is easily cracked. Despite this, there are a ton of people who still use WEP since it is the default protection on many routers.
WPA (WiFi Protected Access) is the next generation encryption algorithm that replaced WEP. WPA uses 256bit encryption keys, and is far more secure than WEP. It’s not the be-all-end-all, but is very good. As with WEP, you have the option of generating a security key using a passphrase so that you don’t have to remember a string of random hex digits. This is great, BUT you have to be careful about the passphrase you use. DON’T use things like your pets name, your kid’s name, your street, or anything that can be guessed.
The clear answer is to secure your network with WPA.
BUT – do you have to secure your network at all? The safe answer is yes.
What happens if you don’t secure your network? That depends on where you live, how close your neighbors are, and how you secure your computers. Most wireless routers have a range of 150 feet. That means that if your neighbors are more than 150 feet away, they will not be able to get on your network unless they are standing outside your house with their laptop.
If you don’t change the default security settings on your computers, chances are that even if someone did get on your network, they wouldn’t be able to do much. By default settings I mean:
- No shared hard drive locations
- Remote control disabled
- Firewalls up and running on every computer
- Anti-Virus up and running on every computer
Of course, this is not always realistic – I have lots of shared directories, and remote control enabled on my machines because I like to be able to work on any machine from anywhere if I need to. For that reason, I like to secure the network so that if someone manages to get on they won’t get to my personal files.
The bottom line on security for wireless networks is best practice is to secure your network using WPA. That said, if you live in a remote area where no one will likely be in range of your wireless, it’s not really necessary, just a good idea.
|
|
|
|
|
 |
WEP doesn’t provide the highest level of security, but it will provide an initial barrier.
Absolutely – it’s not *bad* per se, just easy to crack. It would take a determined person to crack WEP, and most people wouldn’t bother.
Main weaknesses of WEP are:
1) The same IV (initialization vector) can be used more than once. This feature makes WEP very vulnerable, especially to collision-based attacks.
2) With IV of 24 bits, you only have about 16.7 million of possible combinations.
3) Masters keys, instead of temporary keys, are directly used.
4 Most users usually do not change their keys. This gives hackers more time to crack the encryption.
Advantages of WPA over WEP are:
1) Length of IV (initialization vector) is now 48, comparing to WEP’s 24. This gives you over 500 trillion possible key combinations.
2) IV has much better protection with better encryption methods. This is prevention of reuse of IV keys.
3) Master keys are never directly used.
4) Better key management.
5) Impressive message integrity checking.
Nice post! I never knew why one protocol was better than the other.
Thanks for the post. Networking has always been one of my weak subjects. I’m trying to fix a network for my relatives, and I think the problem has something to do with the WEP. This crash course might help point me in the right direction.