Home Networks Not as Secure as You Think

The culprit: WEP

 
     Would you sleep in a room on the second story of a building with the window closed but unlatched and a ladder leaning against the window?  If you use Wired Equivalent Privacy, also known as WEP, for your home wireless internet security, then that is what you are doing electronically, and WEP is often the default setting on wireless network routers that you buy for your home.  In a Network World article, Steve Janss highlighted an important wireless security issue when he wrote, “Wired Equivalent Privacy vulnerabilities came to light … in October 2000” (Janss, 2001).  WEP is a common wireless network security protocol that is still in use today.  Janss goes on to say that computer programmers began writing software in 2001 that could easily and quickly decipher the code and find the password for any security system using the WEP protocol.  Although the use of WEP in handheld devices and home computer systems puts your personal information at risk, there is a solution to the problem.

     Since 2001, programmers have improved their programs to break into these networks.  Without going into the math and technical details, the problem is that WEP uses an encryption key of limited size and many of the messages sent over a wireless network start with the same few characters.  Using these two details, a hacker can write a program to eliminate most of the possible encryption keys, leaving only a few to test.  With only about 10,000 packets of data, which take only a few minutes to send, the program can find the password key.  Anyone who has that password key can access your network and see everything that you send and receive on the internet.  Today, there are even videos on YouTube that demonstrate step-by-step how to break into systems protected with WEP security, and anyone with even a moderate level of computer skills can follow the instructions and break into a network.  This is still a current issue, as you can often see networks protected with WEP from your laptop at home or in many public locations.  Fortunately, most current home wireless systems include a new style of security.

The solution: WPA2


     There is hope for home wireless networks and the people who own them.  Manufacturers began releasing a new style of security protocol in 2003, with an upgrade in 2004.  The latest version, called “WiFi Protected Access 2” or WPA2, is the most secure system available for home use.  WPA2 is a new security standard developed by the WiFi Alliance that supersedes WPA and provides much better protection for home security systems.  Determined hackers can still crack this security code, but it takes longer and requires more knowledge than cracking WEP.  There are, however, some important cautions, even with WPA2.

WPS: As Guilty as WEP


     Many new wireless devices come equipped with something called WiFi Protected Setup, or WPS.  This is supposed to make setting up your wireless system much easier, and it does, but it bypasses the WPA2 security and uses a simple 5-digit PIN code.  Hackers can quickly decipher the PIN code by just trying all the different combinations of numbers and, within a few minutes, gain access to your system.  WPS negates all of the benefits of WPA2 security, so you should never use it.  However, WPS is not the only risk, and password length plays an important role in your wireless security.

Don’t Scrimp on Password Length


     When setting up the WPA2 security on a wireless network, the system will ask you to enter a password with between 8 and 63 characters.  The length of password that you choose will determine the level of security in the system.  Choose a password of between 60 and 64 characters to take advantage of the full security of WPA2.  If you select a password with fewer characters, the security of your system is only slightly better than with WEP security.  Do not worry about having to remember this password because you will only need it to add new devices to your wireless system, and once entered in a device, that device will remember it.  Make sure that you choose a series of words, numbers and symbols and do not select a repeating series of characters.  The best passwords will not have any characters that are identical next to each other. 
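
An added example, not part of the original post: WPA2-Personal derives its 256-bit key from the passphrase and the network name (SSID) using PBKDF2-HMAC-SHA1 with 4096 iterations, so the passphrase is the only secret and its length sets the guessing work. The function names, the 95-character alphabet figure and the sample passphrases below are assumptions constructed for illustration.

```python
import hashlib
import math
import string

PRINTABLE = 95  # assumption: passphrase drawn from the printable ASCII set

# Constructed 63-character sample passphrase, not a real credential.
SAMPLE_LONG = "T9#kLm2$Qx7?Vb4!Zr8@Hn5%Wc3^Jd6*Fg1(Py0)Ms-Uo=Ei+Ka_Lt~Bq;Rw:Xe"

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("ascii"), 4096, 32)

def search_space_bits(length: int, alphabet: int = PRINTABLE) -> float:
    """Upper bound on guessing work, in bits, for a randomly chosen passphrase."""
    return length * math.log2(alphabet)

def review_passphrase(passphrase: str) -> list:
    """Check a passphrase against the advice in the post; return the problems found."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside 8-63")
    elif len(passphrase) < 60:
        problems.append("shorter than the 60+ characters the post recommends")
    # The post advises against identical characters next to each other.
    if any(a == b for a, b in zip(passphrase, passphrase[1:])):
        problems.append("identical adjacent characters")
    # The post advises mixing words (letters), numbers and symbols.
    classes = [string.ascii_letters, string.digits, string.punctuation]
    if not all(any(c in cls for c in passphrase) for cls in classes):
        problems.append("missing letters, digits or symbols")
    return problems

if __name__ == "__main__":
    for pw in ["password", "aaaa1111", SAMPLE_LONG]:
        bits = round(search_space_bits(len(pw)))
        print(f"{len(pw):2d} chars, at most {bits} bits: {review_passphrase(pw) or 'ok'}")
    # Key derived for a constructed passphrase/SSID pair.
    print(derive_psk("password", "IEEE").hex())
```

The bit counts are an upper bound that holds only for randomly chosen characters; a passphrase built from dictionary words is far easier to guess than its length suggests.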
 

Replace Old Devices for Peace of Mind


     One final note is that if you have an older device that does not have WPA2 capability, you cannot upgrade it.  The only solution is to throw out the old device and buy a new one, but for less than $100, you can provide security for all of your personal information.  Even if the older device is not the wireless router itself, you would have to set up the router to allow WEP for that one device, and your system is only as secure as its weakest link.  With WPA2 and a long password, you can rest easy knowing that your network is secure from all except the most determined hackers.


Rob.

References

Goth, G. (2002). Read it and WEP. IEEE Internet Computing, 6.  Retrieved from http://csdl.computer.org.dml.regis.edu/dl/mags/ic/2002/01/w1006.pdf
Janss, S. (2001, December 17). WEP's fatal flaw exposed. Network World, 45. Retrieved from http://go.galegroup.com.dml.regis.edu/ps/i.do?id=GALE%7CA80860761&v=2.1&u=regis&it=r&p=CDB&sw=w

5 comments:

David said...

Computer security and encryption are essential regardless of their application. I just wrapped up a lesson in a computer networking class that outlined the differences and evolution of the capabilities for the 802.11 protocol. What the class seemed to uncover was the idea that all of these capabilities exist, but they are not leveraged to their fullest extent. A major reason for this may be the lack of user education. With the proliferation of WiFi, education has fallen behind. Perhaps the best way of making the internet more safe and secure is by better educating its users.

Andy said...

Rob,
Great read on wireless security. You make a very good point that WEP is almost useless. It will keep the average Joe off of your network. How important do you think a long password is?
-Andy

Anonymous said...

Rob,

This is all new information to me. I had never known that there was a difference between the WPA2 and WEP. I know how to use a computer but overall I'm not that savvy with them. This has given me something to look into for my future products. Thanks for sharing; this is something I'm glad I have been able to read.

Jesse

Tim said...

Wow, this article was extremely enlightening and a bit scary. I have always felt a bit uncomfortable setting up my home networks. I am no networking expert and I always feel a bit paranoid when I do this myself. I just follow the directions and I never really knew what WPA2 or WEP was. Great blog!

CCTV Equipment Supplier said...

Thanks much for this information. Does this mean that home CCTV networks can be accessed by others as well?