This week, we want to talk about securing Wireless Networks. Wireless communications have become nearly ubiquitous, but despite the rapped growth of their acceptance, the knowledge to secure those networks has been greatly ignored. We still see many home networks today that are using default configurations. Many vendors have been making their built-in security stronger, but these should still be considered a starting point and not considered the goal for wireless network security.
For the home user, there are normally three options to configure wireless network security:
Open
This isn’t security at all and is an unencrypted wireless access point where anyone can connect to the network. This should never be used for regular home usage or any other network where you expect to normally send sensitive information.
WEP
Short for wired-equivalent privacy, this older standard can easily be broken by someone merely monitoring the network over time. The handshake and encryption method used is extremely weak. This method should not be used.
WPA/WPA2
Multiple methods of authentication exist; however, the primary method available for most home users is pre-shared key. This is a passphrase used by each client connected to the network and perform the encryption handshake. It is important the pre-shared key is of a sufficient strength to minimize risk of brute force and hash cracking attacks.
What is a sufficiently strong pre-shared key? If we look at current standard for passwords, the goal is more about length then character complexity. Phrases are a good place to start. A complex sense with 16+ characters would be sufficient to minimize risk from most attack methods against pre-shared keys.
Even with strong pre-shared keys, there are other features that can weaken network security. WiFi Protected Setup (WPS) was created to simplify the process of connecting new devices to the network. This method often involves simply pushing a button on each device and following the steps to authenticate. This method relies on a simple PIN method to authenticate and is prone to its own weakness. My general guidance to anyone is to turn off WPS. Any ease in setting up a new device is minimized by the increased risk to your network.
Finally, we want to briefly mention, while it will not harm your network security, it is not a security measure to use hidden SSIDs. It is a relatively trivial task to unmask these values and determine the name of the hidden networks.
