Using and connecting to secure and safe network is a must to protect your data, gadget and also your privacy. There are several type of network encryption that is common today, in this post we will discuss some of those encryption types.
WEP – Is the first and lowest standard for wireless security. You will hear security experts say that WEP can be cracked in 5 minutes; this is true, only once you have sniffed enough network traffic for weak IV’s. Collecting enough wireless traffic will take at least a couple hours under ideal conditions. WEP can be cracked because it uses the same key for each data frame; so with enough traffic you can capture the whole key. WEP is getting harder to crack because firmware upgrades are helping prevent the transmission of weak data packets.
WPA(Wi-Fi Protected Access) – Is the upgraded version of WEP. WPA’s main answer to the flaw of WEP is that instead of using the same key for each data frame it changes the keys. This rotation of keys makes in vastly more difficult for a cracker to capture the whole shared key. WPA also helps wireless clients roam from access point to access point while working in an enterprise environment more efficiently.
WPA uses two different types of encryption, TKIP( Temporal Key Integrity Protocol) and AES(Advanced Encryption Standard). AES is the more advance form of encryption over TKIP. Some wireless adapters may not support AES encryption so you need to take that into account when planning your wireless network.
WPA2 – Further improves upon the ability for the wireless client to roam from access point to access point. There are different ways to implement WPA and WPA2:
WPA-PSK with TKIP – PSK Stands for Pre Shared Key. The client and the access point or wireless router will each share a passphrase which is encrypted with TKIP.
WPA-PSK with AES – This is the same as the above but you will use AES encryption. Remember you will have to monitor your wireless network because you might have more dropped packets with AES if your firmware is not up to date on your access point or wireless adapter.
WPA2-PSK + Mixed – This solution still uses the shared key but will accept either TKIP or AES encryption clients. This option is only available if you are using WPA2
WPA-Radius- This is the most secure wireless solution at this time. WPA rotates the keys, TKIP or AES encrypts the keys, and the RADIUS server authenticates the user. Authenticating the user is very important because without a RADIUS server you really don’t know who is using your wireless network. A RADIUS server is basically a database of user names with passwords.
If your PSK is leaked to the wrong person or stolen somehow, you don’t have any control of who is accessing your network. If you are using a RAIDUS server you have complete control over who enters your wireless network. RADIUS servers can create policies which limit what network resources the wireless user has available.
A great policy to implement with a radius server is limiting the times and days your users can access the network. If your business hours are only during the day you won’t want people using it at night. Also, you can use a RADIUS server to run a wireless hot spot which will take care of billing and customer portal.
Home users will want to use at least WPA with either TKIP or AES to protect your network. If you are more tech savvy you should use WPA2, this requires you to down load the WPA2 patch for Windows from Microsoft and update your wireless adapters driver. Some older adapters do not support WPA or WPA2 so make sure you know what you’re buying.
Business users will want to use WPA-RADIUS or WPA2-RADIUS. To use RADIUS you need to install a RADIUS server. Microsoft windows 2003 server can be used as a RADIUS server or you can use one of the many open source RADIUS servers which are free on the internet, such as Free RADIUS.
Just remember that if you use WPA2 you will have to down load the patch from Microsoft and update your wireless adapter’s driver.
Keep your wireless network simple and secure.