Wireless Network Administration: WEP and WPA

The WEP protocol, an early attempt to secure wireless transmissions, was part of the original 802.11 standard. Recently, the improved WPA protocol has become the standard method of securing wireless transmission. Equipment of both types is still in use, so both protocols are covered here.

Using WEP

WEP stands for Wired Equivalent Privacy and is designed to make wireless transmission as secure as transmission over a network cable. WEP encrypts your data by using either a 40-bit key or a 128-bit key. Keep in mind that 40-bit encryption is faster than 128-bit encryption and is adequate for most purposes. So it is suggested that you enable 40-bit encryption unless you work for the CIA.

Note that in order to use WEP, both the client and the server must know the encryption keys being used. So a client that doesn’t know the access point’s encryption keys won’t be able to join the network.

You can specify encryption keys for WEP in two ways. The first is to create the ten-digit key manually by making up a random number. The preferred method is to use a passphrase, which can be any word or combination of numerals and letters that you want.

WEP automatically converts the passphrase to the numeric key used to encrypt data. If the client knows the passphrase used to generate the keys on the access point, the client will be able to access the network.

As it turns out, security experts have identified a number of flaws with WEP that compromise its effectiveness. As a result, with the right tools, a sophisticated intruder can get past WEP. So although it’s a good idea to enable WEP, you shouldn’t count on it for complete security.

Besides just enabling WEP, you should take two steps to increase its effectiveness:

  • Make WEP mandatory. Some access points have a configuration setting that enables WEP but makes it optional. This may prevent eavesdroppers from viewing the data transmitted on WEP connections, but it doesn’t prevent clients that don’t know your WEP keys from accessing your network.

  • Change the encryption keys. Most access points come preconfigured with default encryption keys that make it easy for even casual hackers to defeat your WEP security. You should change the default keys either by using a passphrase or by specifying your own keys.

The illustration below shows the WEP key configuration page for a typical access point (in this case, a Linksys BEFW11).

[Image: WEP key configuration page on a Linksys BEFW11 access point]

Using WPA

WPA, which stands for Wi-Fi Protected Access, is a new and improved form of security for wireless networks that’s designed to plug some of the holes of WEP. WPA is similar in many ways to WEP.

But the big difference is that when you use WPA, the encryption key is automatically changed at regular intervals, thus thwarting all but the most sophisticated efforts to break the key. Most newer wireless devices support WPA. If your equipment supports it, use it.

Here are a few additional things to know about WPA:

  • A small office and home version of WPA, called WPA-PSK, bases its encryption keys on a passkey value that you supply. However, true WPA devices rely on a special authentication server to generate the keys.

  • Windows XP with Service Pack 2 has built-in support for WPA, as does Windows Vista.

  • The official IEEE standard for WPA is 802.11i. However, WPA devices were widely available before the 802.11i standard was finalized. As a result, not all WPA devices implement every aspect of 802.11i. In Wi-Fi circles, the 802.11i standard is sometimes called WPA2.
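How a WPA-PSK device turns the passkey you supply into its 256-bit key, as an added example that is not part of the original article: 802.11i specifies PBKDF2 with HMAC-SHA1, the network name (SSID) as salt, and 4096 iterations. The function names `derive_psk` and `parse_key_field` are hypothetical, and the SSID `office-ap` is a constructed sample.

```python
import hashlib
import string

PBKDF2_ROUNDS = 4096  # iteration count fixed by 802.11i
PSK_LEN = 32          # 256-bit key


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK key from a passphrase and network name."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt, so the same passphrase yields a different key
    # on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ROUNDS, PSK_LEN)


def parse_key_field(value: str, ssid: str) -> bytes:
    """Accept either a raw key (64 hex digits) or a passphrase."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return bytes.fromhex(value)
    return derive_psk(value, ssid)


if __name__ == "__main__":
    # Passphrase/SSID pair from the 802.11i test vectors, plus a constructed SSID.
    for ssid in ("IEEE", "office-ap"):
        print(f"{ssid:10} {derive_psk('password', ssid).hex()}")
```

Because the key is a pure function of the passphrase and the SSID, every client that knows both derives the same key, and the strength of the passphrase is the strength of the network.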