Wireless security in brief

Q. I want to set up a wireless network and my friend tells me all he needs to do is hide the network or use the machine address. Somehow that doesn’t seem very secure, is that all he needs to do?

A. You are correct to be suspicious of this advice. As wireless networks have evolved, several progressively better encryption methods have become available. You should be aware of the various choices for security: you can have no encryption, light encryption with protocols such as WEP, or more sophisticated encryption such as WPA2 PSK (also called WPA2 Personal) and WPA2 Enterprise.

If you choose to have a wireless network, also known as WiFi, you can have an open network by not employing any security; then anyone within range of your network can use your WiFi connection. This is not really a good idea, as you don’t know who is connected to your network and what they’re doing.

Every WiFi network is made up of a couple of things: a broadcast name, or SSID; a wireless access point such as an Apple Base Station; and the protocol to support the various devices that will connect to the network.

When a WiFi laptop or smartphone comes in range of a network, it discovers the network by the SSID, or name, that is “broadcast” by the access point. If the name of a network is not broadcast, then a user wishing to connect has to enter the name of the network manually. However, the name of the network is actually still sent within the packets, so with software downloaded off the Internet a user can easily find the name of the network.

You can also use the machine address to restrict which devices are able to connect. Unfortunately, the machine address is also broadcast in the packets, and the address can be “spoofed” easily with software. Additionally, WEP is also easily hacked with software off the Internet because it is a pretty weak protocol. It actually consists of eight characters, part of which basically declares that it is WEP and the rest of which is the password. So again, within about 20 minutes someone can discover everything they need to get onto the network.

WPA and WPA2 are more sophisticated protocols and use 128-bit keys. All of the information transmitted is encrypted. There is a “pre-shared key” that is part of the connection. With a 128-bit key, it would take trillions of years to decode the password. WPA2 Personal uses a password only, while WPA2 Enterprise uses a more sophisticated form of authentication based on certificates.

So the bottom line is you should use the best security your equipment can support, preferably WPA2 Personal for a few computers and WPA2 Enterprise for many computers.
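
Why hiding the name and filtering by machine address add so little, shown as an added example that is not part of the original answer: WiFi management frames carry the network name and the sender's address outside the encryption, so any receiver in range can read them. The frames, the addresses and the name HomeNet below are constructed sample values, and the function names are hypothetical.

```python
# Added illustration; the frames below are constructed, not captured traffic.
FIXED_LEN = {0x0: 4, 0x4: 0, 0x5: 12, 0x8: 12}   # fixed bytes before the tagged fields
KIND = {0x0: "assoc-request", 0x4: "probe-request", 0x5: "probe-response", 0x8: "beacon"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Read the unencrypted fields of an 802.11 management frame
    (frame starts at Frame Control; no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    info = {"kind": KIND[subtype], "sender": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "ssid": None}
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):              # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        if tag == 0:                          # element 0 is the SSID
            # A "hidden" access point sends an empty or all-zero SSID in beacons.
            info["ssid"] = value.decode("utf-8", "replace") if value.strip(b"\x00") else ""
            break
        pos += 2 + length
    return info

def header(subtype, dst, src, bssid):
    # Frame Control, Duration, three addresses, Sequence Control (24 bytes)
    return bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"

AP = bytes.fromhex("020000000001")            # constructed access point address
CLIENT = bytes.fromhex("020000000002")        # constructed laptop address
BCAST = b"\xff" * 6
RATES = b"\x01\x01\x82"                       # one unrelated element after the SSID

# Beacon from an access point set to "hide" its name: SSID element has length 0.
HIDDEN_BEACON = header(0x8, BCAST, AP, AP) + bytes(12) + b"\x00\x00" + RATES
# Probe request from a laptop that was given the name: it sends the name in the clear.
CLIENT_PROBE = header(0x4, BCAST, CLIENT, BCAST) + b"\x00\x07HomeNet" + RATES

if __name__ == "__main__":
    for f in (HIDDEN_BEACON, CLIENT_PROBE):
        print(parse_mgmt(f))
```

The beacon shows an empty name, but the laptop's own probe request reveals both the name and the laptop's machine address, which is why neither setting substitutes for WPA2.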
