Introduction
The proliferation of cheap wireless solutions have seen even the smallest businesses embracing the use of wireless routers to improve productivity and provide flexibility to their workers. However, there is a dark side.
Security Out of the Box
Most routers ship today with the minimal of security configurations. Basically, the router comes out of the box ready to serve up wireless connectivity for anyone that asks. While extremely convenient, this doesn’t provide the most secure of environments for your corporate secrets. Hackers can and do steal data from unprotected WiFi connections. Worse, the problem doesn’t just stay at work. Take a poll of your staff and see how many of them use wireless connections at home. See how many connect the corporate laptop to that wireless router. Now take a deep breath and ask how many secure their wireless connections. You may be surprised to see that a large majority of people do not harden their routers.
So as a business owner you will want to ensure that productivity and convenience are maintained, however, you will want to lock down the communications between your staff and the router itself. You will also want to educate the users to wireless security. Enter WEP and WPA.
WEP or WPA? - Which is Right for You?
WEP (or wired equivalency protocol) is the bare minimum encryption standard you are going to want to use to protect your data. Almost (if not all) basic wireless routers provide for WEP. In a nutshell, WEP provides layer two encryption of all wireless traffic. What this means is that WEP utilises the lowest two layers of the OSI model. With WEP, the NIC encrypts the payload of each frame before transmission using an encryption standard known as RC4. The receiving station reverses the process to gain access to the frame. Pretty technical, but the bottom line is that WEP is aimed to provide the same security as a wired connection (hence the name).
WEP uses a 64 or 128 bit shared key that a user must enter in order to connect to the wireless router.
In this configuration, a user would simply enter 1 of the four keys that have been generated from the pass phrase and would be able to gain access to the wireless router and then have access to your network.
While this does provide some protection, WEP is not foolproof. It has been known for quite a while that limitations do exist and that WEP can be cracked. In fact quite quickly. While a complete understanding of the limitations of WEP is beyond the scope of this article (You can check here if you are interested), WEP is great for simple security where top secrecy is not a requirement.
This is where WPA enters. WiFi Protected access was derived as an interim replacement for WEP until the completion of the 802.11i standard. WPA is a secure mechanism to enable encrypted communications for wireless networks.
WPA provides a better robust security mechanism than WEP. WPA uses the Advanced Encryption Standard (AES) to help provide security. AES is the standard the U.S. Federal Government has adopted. WPA also allows an organization to use RADIUS (Remote Access Dialin User Service) if so equipped or as in the case of smaller businesses, you can use a pass phrase and something called TKIP. TKIP stands for Temporal Key Integrity Protocol and allows a user to enter a password to use to connect to the router that is much more secure than WEP.
Most security organizations recommend a 20 character password to increase the security of WPA. Make sure you write it down. While not foolproof, WPA provides a much more robust security mechanism than WEP. If you want to ensure that your communication is indeed secure communication, WPA would be a better choice. Password Safe is a great place to store that 20 character key.
Conclusion
In closing, having some security is usually better than having no security at all. If you just want to set up a wireless router and allow guests to connect to it with no access to your corporate files, WEP is not a bad spot to start. If you want staff to connect to the corporate backbone securely, WPA is a simple and secure method to use.
