SysChat

SysChat (http://www.syschat.com/forum.php)
-   Networking (http://www.syschat.com/tutorials/networking/)
-   -   How to Deal With Wireless Encryption Security Threats (http://www.syschat.com/how-deal-wireless-encryption-security-threats-260.html)

Sami 02-05-2006 01:35 AM

How to Deal With Wireless Encryption Security Threats
 
Because nobody wants to compromise the integrity of their network by having some hacker "borrow" your bandwidth or gain access and start snooping around you need to lock down your network. Fortunately, encryption is built into wireless technology; it's simply a matter knowing how to turn it on.

Wired Equivalent Privacy (WEP) or WiFi Protected Access (WPA)
The good news is that wireless technology does have pre-built security but the bad news is there's a flaw in that security. The problem lies in the fact that it's been built upon two completely incompatible standards with the result being that it's a pain in the "you know what" to set up a whole network to use encryption.

Like most new technologies it starts out using a certain standard and then as the technology evolves better ways are developed that make the original technology obsolete. Flaws are also exposed in the original standard that make it less desirable. Problems then develop as business and individuals scramble to transition from the old to the new because during the transition there's always equipment and devices that use the old technology and the differences usually cause compatibility issues.

WEP was the original standard for encryption over 802.11 wireless networks but in 2001 a research paper was published entitled: "Weaknesses in the Key Scheduling Algorithm of RC4" which demonstrated critical flaws in the security of WEP that made it rather simple for someone with reasonable know how to break it and have access to someone's network.

In a nutshell, WEP made it too easy to discover its' secret key and once you have the key; you can hack in and stay for as long as you want. Owners quickly recognized that it was virtually useless to use WEP on their networks but by the time the industry discovered the security flaw the WEP method was built into almost every piece of wireless equipment made.

Clearly, the WEP standard had to be replaced and in 2003 WPA was introduced and fortunately it fixed most of its predecessor's flaws. WPA is much more secure than WEP. Unfortunately, WPA took a long time to reach the market and WPA devices were rather expensive when first released. As a result, WEP was and still is the default in a high percentage of the software being used because it's supported by more devices. Now you can see why we find ourselves in the confused situation we are today.

WPA is the Here and Now
If you plan on to enable encryption, always use WPA. Any devices purchased after 2003 should be WPA compatible because the upgrade was made a mandatory part of the standard.

Without a doubt WEP is better than nothing because it will; at least, deter the casual intruder, who won't try anything more than double-clicking to gain access to your network. In addition, WEP can also make you less of a target for wardrivers because there's so many completely open networks that are even easier targets than those using WEP that they simply access them. However, it's silly to use WEP nowadays (post 2003) when WPA is so easily available.

Encryption - Turning It On
Actually turning on encryption in Windows is fairly easy. The problem isn't complexity it's time or aggravation because it does involve a fair amount of clicking which is probably why so few people bother.

Step one is to turn on encryption for your wireless router or access point. The exact method will vary between devices but you can usually do it by visiting the router or access point's configuration page in your web browser, find the encryption settings and then choosing WPA. If you have any trouble, refer to your manual.

Once you've done that, you'll need to change the encryption settings on your computers. Open the "View Available Wireless Networks" screen by right-clicking on your wireless connection (bottom right of your screen) and selecting it from the menu that appears. Next, click "Change advanced settings" go to the Wireless Networks section and click your network's name and then click Properties.

Next, where it says "Network authentication" select WPA and click OK on everything you've opened. Really not that bad but then again, that's not the fun part. The fun comes when you get to do this for "every computer on your network". Sorry to be the bearer of bad news but grab a latte, put your feet up and start clicking.

Easier for New Networks
As you can see, the process is your basic "pain in buns" for existing networks but fortunately it's much easier for networks that have not been set up. You still need to turn on encryption at the wireless router or access point but once you've done that you can set up encryption using the Wireless Network Setup Wizard.

You'll have to ask Mr. Gates about this one but for some reason Windows still turns on WEP by default when you set up your wireless network. What this means is that each time you go through the wizard, you'll need to remember to check the box on the third screen that says "Use WPA encryption instead of WEP". A pain, but it's still easier than changing the settings manually down the road.

About the Author
Kevin Erickson is an entrepreneur and writer.

Sponsor: InfoSec Institute can help you receive your CISSP Certification and become an IT professional.


All times are GMT -4. The time now is 09:30 AM.


Copyright 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54