I get a few questions about WiFi security types so I thought that I would take the opportunity to explain some fundamentals. The truth is, wireless communication isn’t very complicated, but wireless security is, and it relies heavily on encryption to help keep the bad guys out. Encryption is not the only method of wireless security, but it is the most important. Without it, your network is exposed to anyone within range of it.
Some people stack their security methods in a way that makes hacking a real chore for the attacker. For example, in addition to using strong WiFi security, you might also set up a MAC filter to prevent unauthorized devices from connecting to your network in the first place. Even that is not bulletproof. It’s simply another hoop that the hacker will have to navigate. But in the long run, strong WiFi security will do the most good.
What are the various WiFi security types?
WiFi security works by encoding wireless communication so that only authorized devices can communicate with the broadcasting device. This encoding process requires three primary things: (1) a way to encode the transmission, (2) a way to decode it and, (3) devices capable of handling the transmission.
The encoding process uses a special algorithm to scramble the data. The scrambled result is known as ciphertext. An encryption key determines how the ciphertext is encoded.
The length of the key is measured in bits, such as 64-Bit, 128-Bit or 256-Bit. A bit is a single numeric value, either ‘1’ or ‘0’, that encodes a single unit of information. More bits mean more ciphertext and greater complexity.
Is 256 bit encryption better than 128 bit?
The short answer is, yes. It is more difficult to crack (more like impossible to crack). Historically, the higher the encryption, the more resources are needed to decrypt the message. This raises an obvious question: is 256 bit necessary, or is 128 bit sufficient?
Well, if it takes 600 years to break the ciphertext of a 128 bit encrypted key, and it takes 100,000 years to break the ciphertext of a 256 bit key, is 256 bit really necessary? Not really. 128-Bit is sufficient. However, given today’s computing power, 256-Bit takes only slightly more resources.
How is the encryption decoded?
In order to decode encryption, the wireless device must know the encryption key, the security type and type of encryption used.
WiFi Security Types
- WEP – Wireless Equivalent Privacy
- WPA – Wi-Fi Protected Access
- WPA2 Personal – Wi-Fi Protected Access II
- WPA2 Enterprise
WEP was the first wireless network security method used. WEP is no longer safe as it can be easily cracked with minimal effort.
Currently, WPA2 Personal is generally the best network security type for home networks. It uses a 256 bit key and is virtually impossible to crack. One challenge is that older wireless devices do not support WPA2. This may require you to revert back to WPA for maximum compatibility. Basically, if your wireless router is broadcasting with WPA2 security, your wireless client must also use WPA2. It must also use the same method of encryption.
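How the shared key becomes that 256 bit key, as an added example that is not part of the original article: WPA and WPA2 Personal stretch the passphrase with PBKDF2-HMAC-SHA1, using the network name (SSID) as the salt, so the same passphrase gives a different key on a differently named network. The function names and sample values are illustrative assumptions.

```python
import hashlib

PMK_BYTES = 32        # 256 bit key shared by the router and every client
PBKDF2_ROUNDS = 4096  # iteration count fixed for WPA/WPA2 passphrases


def check_passphrase(passphrase: str) -> None:
    """Raise ValueError unless the passphrase is 8-63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must use printable ASCII characters only")


def check_ssid(ssid: str) -> bytes:
    """Return the SSID as bytes, rejecting names outside the 1-32 byte limit."""
    raw = ssid.encode("utf-8")
    if not 1 <= len(raw) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return raw


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256 bit key from the passphrase, salted with the SSID."""
    check_passphrase(passphrase)
    salt = check_ssid(ssid)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PBKDF2_ROUNDS, PMK_BYTES
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    passphrase = "correct horse 42"
    for ssid in ("HomeNet", "HomeNet-Guest"):
        key = derive_pmk(passphrase, ssid)
        print(f"{ssid:14} {len(key) * 8} bit key: {key.hex()}")
    try:
        derive_pmk("short", "HomeNet")
    except ValueError as err:
        print("rejected:", err)
```

Because the router and the client each run the same derivation, a mismatch in either the passphrase or the SSID produces a different key and the connection fails.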
WPA2 Enterprise is more suited for businesses with experienced IT personnel. Here’s why: Unlike WPA2 Personal which uses one passphrase for everyone, with Enterprise mode, each person has his/her own account. In order to facilitate account management, Enterprise mode typically requires a separate server (known as a RADIUS Server). The RADIUS server handles WiFi authentication for each individual person. This makes it much easier to add and revoke WiFi privileges without having to change the password on every wireless device in the company.
What types of encryption are used for wireless network security?
TKIP (Temporal Key Integrity Protocol) utilizes a 64-Bit Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.
AES offers better encryption and provides more security. TKIP provides good encryption and supports the broadest number of devices with better support for older machines.
WiFi Security Settings
Log into your router, then navigate to: Basic > Network
Under ‘Wireless’, choose the wireless security type and encryption type, then enter a shared key.
What else should I know about wireless security?
Not everything is black and white. Some things require trial and error, even for experienced technicians. For example:
If you experience connectivity issues, try removing special characters from your wireless password. Try using only upper case letters, lower case letters, and numbers. For example:
Some encryption methods may not play nicely with other devices. This is particularly true with wireless bridges. For example, a WDS bridge can only work with WPA security. If you’re having difficulty setting up a wireless bridge, try temporarily removing all wireless security to determine whether or not the problem is related to the actual bridge link, or the security type that you are trying to use.
Whenever possible, try to use AES encryption over TKIP. However, there may be instances such as when attempting to create a bridge using “repeater mode” that may not work well with AES. In such cases, you may have to try using TKIP on both devices.
What else can I do to secure my wireless network?
Once you’ve established some wireless network security, your next best approach is to reduce the number of WiFi connections allowed. For example, use Wireless MAC address filters, and smaller DHCP address pools (instead of 192.168.1.100~254, you might use 192.168.1.100~109). Technically, these strategies are not true “security features” but they do enable the typical home network administrator to control the number of devices that connect without the overhead of running a RADIUS server and managing individual clients.
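One way to check that the MAC filter and the smaller pool are doing what you expect, as an added example that is not part of the original article: it compares a router's client list against a MAC allowlist and the 192.168.1.100~109 pool. The allowlist, the "IP MAC hostname" table format and the sample entries are constructed for illustration.

```python
import ipaddress
import re

# Pool from the article: 192.168.1.100~109
POOL_START = ipaddress.IPv4Address("192.168.1.100")
POOL_END = ipaddress.IPv4Address("192.168.1.109")

# Constructed allowlist (the entries a router's MAC filter would hold).
ALLOWED_MACS = {"a4:5e:60:11:22:33", "3c:22:fb:44:55:66"}

# Constructed client table, one "IP MAC hostname" entry per line.
SAMPLE_CLIENTS = """\
192.168.1.100 A4-5E-60-11-22-33 laptop
192.168.1.101 3c:22:fb:44:55:66 phone
192.168.1.102 DE:AD:BE:EF:00:01 unknown-tablet
192.168.1.150 3C22.FB44.5566 phone-static
"""


def normalize_mac(text):
    """Return a MAC as lower-case aa:bb:cc:dd:ee:ff, whatever separators it used."""
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def pool_size():
    """Number of addresses the DHCP server can hand out."""
    return int(POOL_END) - int(POOL_START) + 1


def audit_clients(table):
    """Return (ip, mac, findings) for every client that breaks a rule."""
    flagged = []
    for line in table.splitlines():
        if not line.strip():
            continue
        ip_text, mac_text = line.split()[:2]
        ip, mac = ipaddress.IPv4Address(ip_text), normalize_mac(mac_text)
        findings = []
        if mac not in ALLOWED_MACS:
            findings.append("MAC not on allowlist")
        if not POOL_START <= ip <= POOL_END:
            findings.append("address outside DHCP pool")
        if findings:
            flagged.append((str(ip), mac, findings))
    return flagged
```

On the sample table this flags the unknown tablet and the client sitting at 192.168.1.150, an address the ten-address pool never hands out.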