The world is going wireless and starting from our homes, we are too. If you look around, you have at least one wireless device…it may be a laptop or your smartphone. You may be accessing the web with your home Wi-Fi router, but the threat of a security breach never goes away. Our previously published The Complete Guide to Securing Your Home Wireless Network looked at the basics and some of the essential security steps to safeguard your network. Show If you read a bit more on wireless security, two fundamental terms will pop out – WEP and WPA. Both are basically encryption protocols that are implemented by the router firmware to protect and secure your wireless transmission. Wireless transmissions are carried by radio waves and that makes them prone to deliberate hacking. (image courtesy – cristiano) WEP – The Weak LinkWEP (Wired Equivalent Privacy or Wireless Encryption Protocol)is a password protected protocol to secure wireless transmissions across a network. It is usually the first choice when it comes to setting up basic wireless security. WEP uses an encryption key of either 64 bits or 128 bits HEX characters (0-9 and A-F) to encrypt every packet that is transmitted between the router and the Wi-Fi device. For a layman the encryption is secure enough, but a person with bit of knowledge on wireless transmission protocols and the right tools can decode the encryption key. The hole in the wall lies in the way WEP encrypts the packets with a static encryption key. The key does not change with every packet that is transmitted, so a hacker can listen in and with patience gather enough packets to decipher the encryption key. WEP has been demonstrated to be easily hackable. “Easily” is a relative word because you need some serious CPU power and dedicated tools to compromise a WEP encryption. But it can be done. Most wireless access points and routers today give the option of the security protocol to be used during setup. Older routers use only WEP, but if you have a newer one then choose the more secure WPA standard for peace of mind. The Better Choice – WPAWPA (Wireless Protected Access) is the standard that is adopted by newer routers and wireless networks to authenticate and protect their networks. WPA resolves the static encryption key loophole by using a more advanced protocol (TKIP – Temporal Key Integrity Protocol) that changes the encryption key with every packet that’s transmitted. WPA uses an English passphrase (between 8 to 63 characters) and the wireless network’s Service Set Identifier (the name that’s assigned to the wireless access point) to generate unique encryption keys for each packet. WEP is definitely better than no security, but if you can, then update your wireless network with WPA and ensure that all devices are configured to do the same. If reports and studies are accurate, a significant percentage of wireless LANs (especially those used in homes) are still using outdated and insecure WEP for their encryption. by Joseph Moran Back when the first consumer WLAN hardware hit the streets more than six years ago, they came with a technology called WEP, or Wired Equivalent Privacy. WEP was designed to protect a wireless network from eavesdropping, but it soon became apparent that due to myriad flaws, WEP’s privacy was not at all equivalent to that of a wired network. Therefore, it wasn’t long (though at the time it seemed like forever) before a new technology called WPA — Wi-Fi Protected Access — debuted to address many of WEP’s shortcomings. WPA has been a mainstream technology for years now, but WEP remains a standard feature on virtually every wireless router on store shelves today. Although it’s mainly there for backward compatibility with the oldest hardware, if reports and studies are accurate, a significant percentage of WLANs operating today (especially those used in homes) are still using outdated and insecure WEP for their encryption. Widespread use of WEP is almost understandable given that to the layperson, the similar abbreviations WEP and WPA don’t convey any meaningful difference between the two security methods (and they may even imply equivalence) Plus, WEP is almost always presented first by the security interface of most broadband routers since WEP comes before WPA both historically and alphabetically). This week we’ll take a look at why you shouldn’t be using WEP anymore, and why WPA is a better choice. WEP — The Weak Encryption Protocol This problem used to be something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this because changing WEP keys is inconvenient and time-consuming — it has to be done not just on the router, but on every device that connects to it. As a result, most people just set up a single key and then continue using it ad infinitum. A recent development reinforces how even changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of “cracking” a WEP key used to require that a malicious hacker intercept millions of packets plus a fair amount of time and computing power. But technology moves fast, and that’s no longer the case. In fact, researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP-protected network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three seconds, and they did it using a system equipped with a mere 1.7 GHz Pentium M CPU, which is less powerful than the processor found in today’s entry-level notebooks. Of course, none of this means that there’s necessarily someone lurking outside your window with the capability or desire to hack your wireless network in the blink of an eye. But given that it can be broken increasingly easily with commonly available equipment and software, why continue to use WEP when WPA is a more secure and easy to use alternative? Switch to WPA To encrypt a network with WPA Personal/PSK you provide your router not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP (for Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. (Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually comprised of the hex characters 0-9 and A-F). Unfortunately, there are still wireless devices being sold today — mostly of the consumer electronics variety — that don’t support WPA. Frankly, you should avoid buying any wireless device that does WPA. When it comes to regular PCs, WPA is supported by both Windows XP with Service Pack 2 and Mac OS X (as well as Windows Vista, naturally). In XP you won’t find WPA options in the Data encryption drop-down menu found within the properties sheet for a wireless network connection. Look for it instead under Network Authentication, and then make sure that the choice you make for Data encryption — TKIP or AES — matches what your router is set for. (Many routers support AES, which offers stronger encryption that the kind used by TKIP.) Properly configured, WPA offers you infinitely better protection than WEP, but this isn’t to say that WPA security is iron-clad, because let’s face it, what form of security really is? With that in mind, avoiding dictionary words in both the SSID and WPA passphrase (and having as long a passphrase as possible) will provide a lot better protection than using “linksys” and your dog’s name. (For an excellent technical treatment outlining some methods for cracking WPA, check this article out.) If your router or its firmware is of relatively recent vintage (within the last 18-24 months), it may support WPA2, which provides further improvements over WPA, including using AES encryption by default. In order to use WPA2 on an XP system, however, you may need to download the update located here. Why should WEP not be used in wireless network today?WEP is not a good encryption standard; however, it is better than no security. It encrypted all traffic to and from the access point using a static key, which was its downfall. This downfall can now be exploited by common, everyday computers.
What was wrong with WEP?WEP's major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that's transmitted.
What was one reason why WEP was less secure than WPA?The WPA Wi-Fi protocol is more secure than WEP, because it uses a 256-bit key for encryption, which is a major upgrade from the 64-bit and 128-bit keys used by the WEP system. WPA also uses the Temporal Key Integrity Protocol (TKIP), which dynamically generates a new key for each packet, or unit of data.
What are the limitations of WEP authentication?WEP is vulnerable because the relatively short IVs and keys remain static. Within a short amount of time, WEP eventually uses the same IV for different data packets. For a large busy network, the same IVs can be used within an hour or so.
|
