About Wireless Network Security, Choosing the best wifi security for your...
Although it is the good neighborly thing to do to leave your network available for anyone to access, it is not safe. It is very easy today for anyone who can connect to your network to see what you're doing, get your passwords, and even pirate copyrighted material on your home network, all of this obviously leads to trouble!
I have been in Network Security for a few years now, I've spent a lot of time experimenting with my own home network, setting up security, breaking into it, steeling my own passwords from another computer, etcetera. The astonishing fact is how incredibly easy it is with just the right information. As a disclaimer network hacking is very illegal, and I do not provide any information on how to get into someone else's network in this tip, if you are like me, and wish to set up scenario's with your own network, just to learn about security, only breaking into something you personally own, there are plenty of resources out there on the internet, you just need to know where to look. I will keep this article updated as new technologies become available.
So lets talk about the commonly available types of network security. I have posted other tips regarding the setup of each security type, if you're not really interested in the how or why skip on ahead to my other tips, and find Setting up WPA-2 wifi Security, as this is the most secure, please also see my tip, a word on passwords, for even more security.
Put simply, every Wireless adapter(the device that connects your computer to a wireless router, wether it is in the computer or an external device) has a unique MAC address (or Media Access Control Address). Mac filtering tells the router which devices are allowed to be connected to your router. When a device attempts to make a connection, if it is not on the list, the router denies the connection, pretty much like an exclusive party, you have to be on the list. But the router can be fooled, if someone knows a Mac address that is on the list (pretty easy to figure out), there is a way they can use that Mac address instead of thier own, kinda like getting into an exclusive party using a false name. The data is not encrypted with this method, so even though someone can't connect to your network, they can still inspect your network traffic and potentially find your passwords for websites like facebook, etc.
Mac filtering works very well when used with another form of network security below, it is the only method that can be used with another method at the same time, so it is a good "extra step" to protect yourself from hackers.
Pros - Fairly easy to set up, no passwords to remember or write down, supported by all network adapters, can be used with other security methods.
Cons - Easily hacked, not very secure, data not encrypted.
WEP - (Wired Equivalent Privacy)
WEP was the first attempt at securing wireless networks. It's a pretty good system, it does encrypt all data sent to and from your computer to the router, so stealing passwords without your network password is not possible, but if they can get access to your network, it's pretty easy to see those passwords fly by. The problem with WEP is that it's still pretty easy to crack, someone can inspect the encrypted traffic, and once they have enough your network password can be resolved by deciphering the captured traffic, on a WEP network with a lot of traffic this can be done in as little as 10 minutes!
Pros - Supported by almost all network adapters, data is encrypted from the router to the wireless adapter.
Cons - Still not very secure
WPA - (Wifi Protected Access)
Supported on hardware from 2003 or newer. This is one of the better options, offering better encryption for your traffic, in most cases even if someone connects to your network, they still can't get your passwords. The network password is not as easily resolved, but it can still be brute-forced, or cracked using a wordlist attack. Brute-forcing is basically trying every possible combination of letters numbers and characters in every possible order, this can take months to finally crack even a simple password. A wordlist attack is only effective on weak passwords, see my tip, a word on passwords for more details.
Pros - Best option for most hardware. Very secure.
Cons - Can be brute-forced.
WPA2 - (Wifi Protected Access-2)
Supported by most hardware 2008 and newer but not all, supported by some hardware that is older than 2008. The same as WPA, but cannot be brute-forced. The only way to crack WPA2 is with a wordlist attack, so as long as you have a strong password, you can say you are as secure as you can possibly be.
Pros - Best option available, Very secure
Cons - Not supported on all hardware.
So now you are educated on basic network security concepts. Understand that no network is absolutely secure, on my home network I use WPA-2 in conjunction with Mac filtering, which is the best setup available and thats what I recommend to anyone. Can it be cracked? Yes, Do I think it will ever happen? It's extremely unlikely with that amount of security, odds are any would be cracker would give up after several failed attempts.
on Jul 18, 2010 | Computers & Internet