You can encrypt data to prevent wireless trespassers from eavesdropping and stealing your information. The two main types of encryption available on Wi-Fi gear are Wired Equivalent Privacy (WEP) and the newer Wi-Fi Protected Access (WPA). Encrypting your data can prevent crackers from stealing passwords or sniffing MAC addresses.
All Wi-Fi gear has encryption capabilities built in. Consider using it if you transfer a lot of sensitive data between computers or are in a densely populated urban area where you are more likely to have crackers or wardrivers attempting to intercept your signal.
Using encryption adds a little overhead to your network. Encrypting and decrypting network traffic takes more processing power and may slow down some older Wi-Fi gear. However, the effect should be minimal, and the security benefits outweigh the effect on WLAN performance.
Wired Equivalent Privacy (WEP) is the original encryption method used by Wi-Fi networks. It’s available on all Wi-Fi hardware, and you should consider enabling it to add an extra layer of security to your network traffic. Once enabled, WEP requires very little input from you, other than selecting passphrases for key generation.
Note: Because skilled crackers can defeat WEP easily, it is ineffective for defending against them. Still, WEP is a sufficient deterrent to most would-be crackers and you should consider using it anyway (unless WPA is available as an option). WEP can serve as an intellectual firewall, making it difficult for casual wardrivers or unskilled crackers to access your WLAN. Most will simply move on to the next, less secure target.
You can activate WEP with the configuration software that came with your access point and adapters. When given a choice, always choose open authentication instead of shared key authentication. Crackers can defeat shared key authentication more easily than they can defeat open authentication.
WPA is the newer, more secure option for encrypting your WLAN. WPA is available on most new access points and adapters, particularly 802.11g and 802.11a devices. WPA is available for some older devices, such as 802.11b, as a firmware upgrade. Not all devices are upgradeable; you’ll have to check with the manufacturer of your device. The easiest place to do this is at the manufacturer’s Web site.
Note: WPA isn’t backward compatible with WEP, so if you’re going to use it, all of the devices on your network must have WPA capabilities.
Firmware upgrades are executable files that you run to update the software in a hardware device’s flash memory. This is also known as flashing a device. For added safety, download executable firmware upgrades directly from the manufacturer’s Web site, not from third-party sites, bulletin boards, or newsgroups. It is easy for a cracker to disguise malicious software as a firmware upgrade, so always use caution when obtaining executable files.
If your devices have WPA capability, you can enable it with the configuration software supplied with your adapter or access point. Although it is more secure than WEP, WPA isn’t impervious and is vulnerable to some attacks. Still, WPA is an improvement over WEP, and I recommend that you install and activate WPA encryption on your Wi-Fi network if possible.
Recently, researchers discovered a weakness in WPA on consumer Wi-Fi networks that allows a cracker to recover the encryption key and defeat WPA. This is not due to a flaw in the WPA encryption protocol; the problem is the way manufacturers are implementing WPA in consumer products.
When you install WPA, you must create a passphrase that the software uses to generate a WPA key for encrypting and decrypting data. If you don’t create a sufficiently complex passphrase, a cracker can recover the WPA key using software that compares the key against known dictionary words.
To prevent this, follow the same best practices for passphrase creation that you would when selecting a password. Use passphrases longer than 20 characters, don’t use words found in the dictionary, and include random numbers and symbols.
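The following Python sketch is an added example, not part of the original text. It checks a candidate passphrase against the rules above and shows why they matter: in WPA-Personal the key is computed from nothing but the passphrase and the network name (PBKDF2-HMAC-SHA1, 4096 rounds, per IEEE 802.11i), so a guessable passphrase means a guessable key. The function names, the small word list, and the sample SSID and passphrases are constructed for illustration.

```python
import hashlib
import string

# Constructed stand-in for a dictionary file; a real audit would load a full wordlist.
SAMPLE_WORDS = {"password", "wireless", "network", "home", "dragon", "summer"}


def derive_wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase: str, words=SAMPLE_WORDS) -> list:
    """Return the passphrase rules from the text above that this candidate breaks."""
    problems = []
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63) or not printable:
        problems.append("not a valid WPA passphrase (8-63 printable ASCII characters)")
    if len(passphrase) <= 20:
        problems.append("20 characters or shorter")
    lowered = passphrase.lower()
    found = sorted(w for w in words if w in lowered)
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    if not any(c.isdigit() for c in passphrase):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in passphrase):
        problems.append("no symbols")
    return problems


if __name__ == "__main__":
    ssid = "ExampleHomeNet"  # constructed SSID
    # Constructed samples: one weak, one that follows every rule.
    for candidate in ("summerhome", "k7#Vq2!mZr9$Lw4@Tn8&Xc3^"):
        issues = audit_passphrase(candidate)
        print(candidate, "->", issues or "passes all checks")
        if not issues:
            # Same passphrase + same SSID always yields this same 256-bit key.
            print("  PSK:", derive_wpa_psk(candidate, ssid).hex())
```

Because the SSID is the salt, changing the network name from a factory default also changes the derived key for the same passphrase.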