Are Wireless Networks Really Secure?
As of late, one of the hot topics in technology has been the discussion about the Wireless Equivalent Protection (WEP) having been broken. It is true that the protocol has effectively been rendered (for all intensive IT security purposes) useless and should be avoided. Researchers at the Darmstadt University of Technology in Darmstadt, Germany have proven that WEP can be broken with as few as 40,000 captured packets. What does this mean to you? An intruder could potentially recover your passkey in a short time and gain access to your WEP-encrypted network.
What Is the Importance of WiFi Security?
We would ask a different question: Do you need wireless in the first place? When you incorporate WiFi into any network, you are introducing a potential security vulnerability. If you are considering implementing WiFi into your network, ask the following important questions:
- What is the real business driver? Does my company want to provide access for employee convenience or are there other business needs? Convenience isn’t always worth the potential risk of adding potential entry points to your business network?
- Does your present infrastructure support network segmentation? A properly designed WiFi network separates the wireless network and limits access to only necessary resources (through VLANs and proper network configuration), which should be properly protected.
- Have you considered the areas where WiFi access will be provided and designed your coverage appropriately? There are ways to alter the wireless signal and limit it to only certain parts of your location, preventing the wireless signal from being accessed outside of your coverage area.
These are just a few considerations for implementing wireless access points in your business. Keeping these in mind, you can certainly use WiFi and still maintain appropriate levels of security for your network.
First and foremost you want to incorporate a proper encryption key strategy. There are many available but some are not as secure as others. The weakest type of wireless security is WEP which was developed circa 1999. As mentioned in the first part of this article, WEP has now been “cracked”, and should be avoided. You can find more information about why not to use WEP in the following article from the University of California-Berkeley:
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
WEP vs. WPA
The WPA (Wifi Protected Access) method of protection uses a much stronger method of encryption and some key differences between WEP and WPA are as follows:
The main weaknesses of WEP are:
- The same IV (initialization vector) can be used more than once. This feature makes WEP very vulnerable, especially to collision-based attacks.
- With an IV of 24 bits, you only have about 16.7 million of possible combinations.
- Masters key, instead of temporary keys, are directly used.
- Most users usually do not change their keys. This gives hackers more time to crack the encryption.
Some advantages of WPA over WEP are:
- The length of the IV (initialization vector) is now 48, as compared to WEP’s 24. This gives you over 500 trillion possible key combinations.
- The IV has much better protection with better encryption methods. This effectively prevents the reuse of IV keys, greatly increasing security.
- Master keys are never directly used.
- Better key management.
- Impressive message integrity checking.
To Solution can help you to better understand the differences between encryption modes and determine which WiFi security mode(s) will best suit your network. In addition, we have performed comprehensive network and wireless implementations for business, ranging from the small & medium office to campus-wide area WiFi segmented networks. Contact us at (262) 691-1236 if you are considering adding WiFi to your business or campus.
