Latest News from i-Zimbra

Which wireless encryption standard?

Monday, January 12th, 2009

Perceptions of wireless encryption standards have changed a great deal over the past 10 years since Wired Equivalent Privacy (WEP) was first ratified and widely adopted by wireless hardware manufacturers. Although WEP has been heavily criticised for its lack of effective security against a persistent intruder, it is still used by many, often unknowingly. A good example of this is a lay-person home user who purchases a wireless ADSL firewall from the local computer store. It was hard enough getting the firewall to connect to the Internet Service Provider (ISP), let alone risk changing the wireless settings when they managed to get their computer to connect wirelessly straight away. And what is all this hex, ASCII, key 1 business anyway?

The home user has successfully connected to their ISP wirelessly and is happy. But their wireless network is not encrypted. The hardware came with unencrypted wireless switched on by default, advertising the network name (Service Set Identifier, SSID), leaving it wide open to use (or rather, abuse) by anyone.

This situation has been, and is, all too common, and the risks of leaving a wireless access point open have become more widely publicised as a result. There are a number of different wireless encryption methods available on wireless access points/firewalls, but the question is which one should be used?

We have visited businesses (and homes) where 64-bit WEP encryption is set up. Obviously this is better than leaving the network open, but how much better? Whether or not using WEP to secure wireless is considered to be due diligence in protecting access to business information is an interesting question. Nowadays there are plenty of cracking tools freely available on the Internet which are making the decryption of WEP passwords (keys) increasingly easy. Deceptively obtaining a WEP key is no longer a question of if it can be done; it is now a question of how quickly. We successfully decrypted the 128-bit WEP key of a wireless test network in 30 minutes and have seen reports of others achieving the same thing even faster.

How about if the wireless firewall / access point has SSID advertising disabled? I think it would be true to say that persistent intruders are more likely to try to get access to a network that is being advertised, but disabling advertising does not provide any protection, as there are free software tools that will identify wireless SSIDs which are not being advertised.

Then there is MAC filtering. A device can only get access to the wireless network if its MAC address is included in the MAC access control list (ACL). This type of security can be bypassed using MAC spoofing software. I agree that a MAC address cannot be used simultaneously by more than one device without adverse connection problems, but this shows that MAC filtering is not a solution.

Let’s for a moment consider two similar desirable cars sitting on the high street. One of them is locked. The other is locked, has an alarm, an immobiliser and a steering bar lock attached to the steering wheel. Mr Car Thief will most likely steal the first one, but stealing the other one is not beyond a clever and determined thief. This is one way of looking at employing WEP as a wireless encryption method with SSID advertising disabled, MAC address filtering enabled and DHCP switched off (not many non-routable internet subnets around though, are there!). Put all these techniques together and the would-be intruder is more likely to knock on another network’s door. But is there a real answer?

At the time of writing this article the sensible wireless encryption method is WPA-PSK or higher (WPA2, AES, etc.). WPA is a great deal more secure than WEP and is presently only crackable by using dictionary attacks. So to ensure that a wireless network is really secure, choose WPA and make the Pre-Shared Key (PSK) more than 20 characters long, using upper case, lower case and numbers. Essentially, the longer and more random the key, the better. That kind of combination would take many, many years to crack by a brute force/dictionary attack, so for now, data would be safe. The final question is for how long? As there is an Internet group trying to crack it right now…
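The PSK advice above can be put into practice with a short script. This is an added example, not part of the original article: it generates a random passphrase that follows the advice, estimates its strength, and derives the 256-bit key that WPA-PSK computes from the passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations). The function names and the guess rate used for the time estimate are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # upper, lower, numbers: 62 symbols


def meets_article_advice(psk):
    """More than 20 characters, containing upper case, lower case and numbers."""
    return (len(psk) > 20
            and any(c.isupper() for c in psk)
            and any(c.islower() for c in psk)
            and any(c.isdigit() for c in psk))


def generate_psk(length=24):
    """Random passphrase from the OS CSPRNG; WPA allows at most 63 characters."""
    if not 21 <= length <= 63:
        raise ValueError("length must be 21 to 63 to follow the advice and fit WPA")
    while True:  # redraw in the rare case a character class is missing
        psk = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_article_advice(psk):
            return psk


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every possible key at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def derive_pmk(passphrase, ssid):
    """WPA-PSK derivation: the SSID is the salt, so the same passphrase
    gives a different key on every differently named network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    rate = 1e6  # assumed guesses per second, for illustration only
    psk = generate_psk()
    print("passphrase:", psk)
    print("entropy: %.1f bits" % entropy_bits(len(psk)))
    print("24 random chars: %.1e years" % years_to_exhaust(entropy_bits(24), rate))
    print("8 lower-case letters: %.4f years" % years_to_exhaust(entropy_bits(8, 26), rate))
    print("key for SSID 'example-net':", derive_pmk(psk, "example-net").hex())
```

Because the SSID acts as the salt, changing a factory-default network name as well as the passphrase stops a key table precomputed for the default name from applying to the network.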

i-Zimbra Ltd. Registered office: 21 Alexandra Villas, Brighton. BN1 1RF. Company registered in England No. 4216505. Tel 0870 10 10 150 | Fax 0870 10 10 151
Copyright © i-Zimbra Ltd 2008. All rights reserved. Privacy | Terms and Conditions | Disclaimer