The culprit: WEP
Would you sleep in a room on the second story of a building with the window closed but unlatched and a ladder leaning against the window? If you use Wired Equivalent Privacy, also known as WEP, for your home wireless internet security, then that is what you are doing electronically, and WEP is often the default setting on wireless network routers that you buy for your home. In an article written by Steve Janss, he highlighted an important wireless security issue when he wrote, “Wired Equivalent Privacy vulnerabilities came to light … in October 2000” (Janss, 2001). WEP is a common wireless network security protocol that is still in use today. Janss goes on to say that computer programmers began writing software in 2001 that could easily and quickly decipher the code and find the password for any security system using the WEP protocol. Although the use of WEP in handheld devices and home computer systems puts your personal information at risk, there is a solution to the problem.
Since 2001, programmers have improved their programs to break into these networks. Without going into the math and technical details, the problem is that WEP uses a limited size of its encryption key and many of the messages sent over a wireless network start with the same few characters. Using these two details, a hacker can write a program to eliminate most of the possible encryption keys, leaving only a few to test and with only about 10,000 packets of data that takes only a few minutes to send, the program can find the password key. Anyone who has that password key can access your network and see everything that you send and receive on the internet. Today, there are even videos on YouTube that demonstrate step-by-step instructions on how to break into systems protected with WEP security and anyone with even a moderate level of computer skills can follow the instructions and break into a network. This is still a current issue as you can often find some networks protected with WEP that you can see with your laptop from home or many public locations. Fortunately, most current home wireless systems include a new style of security.
The solution: WPA2
There is hope for home wireless networks and the people who own them. Manufacturers began releasing a new style of security protocol in 2003, with an upgrade in 2004. The latest version called, “WiFi Protected Access 2” or WPA2 is the most secure system available for home use. WPA2 is a new security standard developed by the WiFi Alliance that supersedes WPA and provides much better protection for home security systems. Determined hackers can still crack this security code, but it takes longer and requires more knowledge than cracking WEP. There are, however, some important cautions, even with WPA2.
WPS: As Guilty as WEP
Many new wireless devices come equipped with something called WiFi Protected Setup, or WPS. This is supposed to make setting up your wireless system much easier, and it does, but it bypasses the WPA2 security and uses a simple 5-digit pin code. Hackers can quickly decipher the pin code by just trying all the different combinations of numbers and within a few minutes, gain access to your system. WPS negates all of the benefits of WPA2 security, so you should never use it. However, WPS is not the only risk and password length plays an important role in your wireless security.
Don’t Scrimp on Password Length
When setting up the WPA2 security on a wireless network, the system will ask you to enter a password with between 8 and 63 characters. The length of password that you choose will determine the level of security in the system. Choose a password of between 60 and 64 characters to take advantage of the full security of WPA2. If you select a password with fewer characters, the security of your system is only slightly better than with WEP security. Do not worry about having to remember this password because you will only need it to add new devices to your wireless system, and once entered in a device, that device will remember it. Make sure that you choose a series of words, numbers and symbols and do not select a repeating series of characters. The best passwords will not have any characters that are identical next to each other.
Replace Old Devices for Piece of Mind
One final note is that if you have an older device that does not have WPA2 capability, you cannot upgrade it. The only solution is to throw out the old device and buy a new one, but for less than $100, you can provide security for all of your personal information. Even if your device is not a wireless router, you will have to set up that router to allow WEP for that one device, and your system is only as secure as your weakest link. With WPA2 and a long password, you can rest easy knowing that your network is secure from all except the most determined hackers.
Rob.
References
Goth,
G. (2002). Read it and WEP. IEEE Internet Computing, 6. Retrieved from http://csdl.computer.org.dml.regis.edu/dl/mags/ic/2002/01/w1006.pdf
Janss S. (2001, December 17). WEP's fatal flaw
exposed. Network World, 45. Retrieved from http://go.galegroup.com.dml.regis.edu/ps/i.do?id=GALE%7CA80860761&v=2.1&u=regis&it=r&p=CDB&sw=w
5 comments:
Computer security and encryption is essential regardless of its application. I just wrapped up a lesson in a computer networking class that outlined the differences and evolution of the capabilities for the 802.11 protocol. What the class seemed to uncover was the idea that all of these capabilities exist, but they are not leveraged to their fullest extent. A major reason for this may be the lack of user education. With the proliferation of WiFi, education has fallen behind. Perhaps the best way of making the internet more safe and secure is by better educating its users.
Rob,
Great read on wireless security. You make a very good point that WEP is almost useless. It will keep the average Joe off of your network. How important do you think a long password is?
-Andy
Rob,
This is all new information to me. I had never known that there was a difference between the WPA2 and WEP. I know how to use a computer but overall I'm not that savvy with them. This has given me something to look into for my future products. Thanks for sharing this is something I'm glad I have been able to read.
Jesse
Wow, this article was extremely enlightening and a bit scary. I have always felt a bit uncomfortble setting up my home networks. I am no networking expert and I always feel a bit paranoid when I do this myself. I just follow the directions and I never really knew what WPA2 or WEP was, great blog!
Thanks much for this information. Does this mean that home CCTV networks can be accessed by others as well?
Post a Comment