Know your wireless encryption options

You wouldn't design a network with Internet access without a firewall, so why would you have an unencrypted wireless network? Understanding wireless encryption is essential to deploying a secure wireless network.

The security of a wireless transmission is analogous to a written message. There are a variety of ways to send a written message and each provides an increased level of security and protects the integrity of the message. You could send a postcard, but the message is then open for all to see. You can enclose the message inside of an envelope and that will protect it from casual compromise. If you really want to ensure that only the intended recipient can view the message though, you would need to scramble or encode it somehow and make sure the recipient knew the method for decoding it.

The same thing is true with wireless data transmission. Raw wireless data, with no encryption, is just flying through the air for any nearby wireless devices to potentially intercept.

Encrypting your wireless network using WEP (Wired Equivalent Privacy) affords minimal security because the encryption is easily cracked. If you really want your wireless data to be protected, you need to use more secure encryption schemes such as WPA. To help you understand the options, here is a brief outline of some of the wireless encryption and security technologies available:

WEP (Wired Equivalent Privacy): WEP was the encryption scheme hastily thrown together as a pseudo-standard by vendors who were in a hurry to start producing wireless equipment before the protocol standards were finalized. As a result, it was later

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Rogue access points: Preventing, detecting and handling best practices The TPM chip: An unexploited resource for network security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in USB storage devices: Two ways to stop the threat to network security Network security: Using unified threat management (UTM) Network security: Empower users without endangering IT Network analysis -- Enhancing security assessments WLAN Security Wireless LAN security: SonicWall joins crowded WLAN market Stolen laptop recovery using remote access and wireless network SSIDs Enterprise wireless LAN security: 802.11 and seamless wireless roaming Monitoring your network to detect rogue access points (APs) Persistent, secure connections for roaming WiMAX, 3G and 802.11x 802.11n's impact on WLAN security Set up secure wireless networks with 802.11x, access points and bridges How wireless network encryption affects signal strength, connectivity New PCI compliance rules ban WEP, tighten wireless LAN security How to avoid the WPA wireless security standard attack WLAN Standards 802.11n wireless LAN access point market: Who's really in second place? Will 802.11x wireless products be compatible with 802.11n? Beamforming, RF management key to 802.11n wireless LAN success School deploys 802.11n WLAN to support student laptop program Can neighboring 802.11n and 802.11g networks avoid coexistence problems? Can 802.11n clients turn off radios to conserve battery life? How to avoid the WPA wireless security standard attack Differences between WLANs, Wi-Fi and WiMax Mastering 802.11n: Implementation tips and answers to frequently-asked WLAN questions IEEE 802.11w protects wireless LAN management frames

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) DECT  (SearchNetworking.com) foreign agent  (SearchNetworking.com) High-Speed Circuit-Switched Data  (SearchNetworking.com) home address  (SearchNetworking.com) home agent  (SearchNetworking.com) Link Quality Source Routing  (SearchNetworking.com) Multichannel Multipoint Distribution Service  (SearchNetworking.com) USSD  (SearchNetworking.com) Wi-Fi Multimedia (WMM)  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

found to have holes that are easily exploitable by even a novice attacker.

WPA (Wi-Fi Protected Access): WPA was created to improve on or replace the flawed WEP encryption. WPA provides much stronger encryption than WEP and addresses a number of WEP weaknesses.

TKIP (Temporal Key Integrity Protocol): TKIP is the underlying technology which allows WPA to be backwards compatible with WEP and existing wireless hardware. TKIP works in conjunction with WEP and institutes a longer key, 128-bits, as well as changing the key on a per-packet basis to make it exponentially more secure than WEP alone.

EAP (Extensible Authentication Protocol): With EAP support, WPA encryption provides more functionality related to controlling access to the wireless network based on PKI (Public Key Infrastructure) keys rather than filtering only based on MAC addresses which can be captured and spoofed.

While WPA, and the improvements it brings over WEP, is exponentially more secure than WEP, any encryption is better than no encryption at all. If WEP is the only protection you have available on your wireless equipment, it will still deter casual compromise of your wireless data and send most novice attackers searching for an unprotected wireless network to exploit.

About the author:
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information.

This tip originally appeared on SearchWindowsSecurity.com.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.