Wireless Security #2

Last week we spoke about the need for wireless network security, and we follow on this week by covering the different standards available. To set up or alter your wireless security settings you will require the manual for your router, as the configuration process varies from manufacturer to manufacturer. This should have been provided in the box in either paper format or on a CD-ROM, but if you don’t have either to hand then a copy should be freely available from the manufacturer’s website.

WEP (Wired Equivalent Privacy) – Introduced back in 1999, WEP is still one of the most popular encryption protocols. Despite the fact it has several serious weaknesses and can be readily cracked in minutes with freely available software, it is the default choice presented to a user when setting up security on a wireless network, which probably explains its continued popularity.

The standard is so weak because it relies on a small piece of data being prepended to all transmissions which, when matched to the key held by an authorised machine, allows the data to be decrypted. With it being on almost every packet of data transmitted, the cracking process just involves listening out for enough of them in order to obtain sufficient numbers to decrypt the key.

If your wireless router currently only supports WEP then do check out the manufacturer’s website, as there is a very real possibility that a free-of-charge firmware update might be available to improve support for more advanced standards; WEP should only ever be used if the only alternative is no encryption whatsoever.

MAC Filtering – This will allow you to individually grant access to your wireless network for individual machines by pre-specifying their MAC addresses; these addresses are used to uniquely identify network adaptors.

Unfortunately the theory also suffers in much the same way as WEP; someone need only listen to enough network traffic to be able to obtain a list of MAC addresses. Once it has been obtained, the hacker creates a fake MAC address which causes your router to grant access by fooling it into thinking that it’s communicating with an authorised machine.

Disabling SSID Broadcast – The SSID (Service Set IDentifier) has to be identical on both the router and client machine in order for them to communicate. In order to ease setup, the SSID broadcast reveals the location of your network to all computers within range so they can easily connect if required. The broadcast can be disabled, which would then mean that rather than searching for your local network you would be required to memorise the SSID. Unfortunately, as before, this can be easily circumvented by simply listening to network traffic with freely available software.

WPA (Wi-Fi Protected Access) – In the home market WPA usually relies on a pre-shared key which consists of a passphrase used to access the network. This passphrase can be from 8 to 63 characters long; however, in the interests of security I would suggest choosing at least 13 completely random characters. WPA succeeds where WEP failed as the encryption key prepended to the transmissions is changed frequently so that a hacker is unable to obtain sufficient data in order to decrypt the key.
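As an added example (not part of the original article), the Python below generates a 13-character random passphrase, checks it against the 8 to 63 character rule, and derives the 256-bit pre-shared key the way WPA-PSK does: PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations. The function names, the letters-and-digits alphabet and the sample SSIDs are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# A WPA passphrase is 8 to 63 printable ASCII characters (codes 32-126).
PRINTABLE = {chr(c) for c in range(32, 127)}
# Assumed alphabet for generated passphrases (letters and digits).
ALPHABET = string.ascii_letters + string.digits


def check_passphrase(passphrase):
    """Return a list of rule violations; an empty list means valid."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(ch not in PRINTABLE for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems


def generate_passphrase(length=13):
    """Build a random passphrase from the operating system's CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing strength of a uniformly random passphrase, in bits."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """Derive the 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, f"({entropy_bits(len(phrase)):.1f} bits)")
    # Constructed SSIDs: the same passphrase yields a different key on each.
    for ssid in ("HomeNet", "HomeNet-Guest"):
        print(ssid, derive_psk(phrase, ssid).hex())
```

Because the SSID is the salt, a router left on its factory-default network name gives anyone guessing passphrases a head start with precomputed tables, so changing the SSID to something unique is worthwhile even though hiding it is not.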

In summary, I would recommend that all users with a wireless network ensure that firstly they are actually employing some form of wireless security and secondly that it is set to the secure WPA standard; whilst it is not unbreakable it is considered extremely secure and certainly the best that we have for now.


About the Author - Chris Holgate works for Refresh Cartridges who supply a wide range of printer cartridges at the UK’s lowest prices.