Advanced Wi-Fi Lessons

Wireless Security

Wi-Fi security is an often overlooked but very important part of setting up a Wi-Fi network. In this article, we'll discuss the basics of common security types, including WEP, WPA, WPA2 and WPS.

Wi-Fi Security

There are several types of wireless security that you’ll come across – here’s a quick rundown on the details.

WEP

Wired Equivalent Privacy, aka WEP, is the grandfather of wireless security types, dating back to 1999. When a client connects to a WEP-protected network, the WEP key is added to some data to create an “initialization vector,” or “IV” for short. For example, a 128-bit hexadecimal key is comprised of 26 characters from the keyboard (totaling 104 bits) combined with a 24-bit IV. When a client goes to connect to an AP, it sends a request to authenticate, which is met with a challenge reply from the AP. The client encrypts the challenge with the key, the AP decrypts it, and if the challenge it receives matches the original one it sent, the AP will authenticate the client.

Need Help with Wi-Fi Security?

Secure Your Wi-Fi Landscape with inSSIDer

inSSIDer shows you exactly how your network is configured, how neighboring Wi-Fi networks are impacting yours, and gives suggestions for fast, secure Wi-Fi.

This may sound secure, but there was room in this scheme for an exploit to be discovered. The risk presents itself when a client sends its request to the access point – the portion containing the IV is transmitted wirelessly in clear-text (not encrypted). In addition, the IV is simple compared to the key, and when there are several clients using the same WEP key on a network, IVs have an increased probability of repeating. In a busy environment, a malicious user wishing to gain access to a network utilizing WEP security can passively eavesdrop and quickly collect IVs. When enough IVs have been collected, the key becomes trivial to decrypt. Clearly, WEP is not the correct choice for securing your network, and in light of this, other types of wireless security were created.

WPA

Wi-Fi Protected Access (WPA) was ratified by the Wi-Fi Alliance in 2003 as a response to the insecurities that were discovered in WEP. This new security standard, the Temporal Key Integrity Protocol (TKIP), included several enhancements over WEP, including a new message integrity check nicknamed “Michael.”
While Michael offered a great deal of improvement over the old way of securing networks, there was still some worry about some security issues with using a similar (though much stronger) implementation.

WPA2

The concerns about Michael led to WPA2’s introduction in 2004. At the center of WPA2 is its use of a security protocol based on Advanced Encryption Standard (AES), the U.S. Government’s preferred choice of encryption.
As it stands now, the only people who should still be using TKIP on a wireless network are those who are dealing with hardware that is rated for 802.11g only.

WPS

In 2007, a new security method - Wi-Fi Protected Setup (WPS) - began to show up on wireless access points. With this type of security, a user is able to add new devices to their network by simply pushing a button (within administration software or physically on the router) and then typing in an 8-digit PIN number on the client device. The PIN feature acts as a sort of shortcut for entering in a longer WPA (Wi-Fi Protected Access) key. The basic idea behind WPS is that having physical access to the AP to hit a button and reading a sticker would provide a more secure implementation of Wi-Fi authentication. Everything was well and good in the WPS world, until last winter, when a security researcher discovered the Achilles Heel in the implementation.
Here's how it works:
The eighth and final digit of the PIN number is a checksum, which is used to make sure the 7 digits that matter don’t get corrupted. From these 7 digits, we can see that there are 10,000,000 possibilities (since each of the 7 digits can be 0-9, with repeats allowed). This is still a pretty huge amount of possibilities, and alone could arguably still be considered quite safe -- but there’s a flaw in the checking process. When a PIN is being examined by the AP, the first 4 digits (10,000 possibilities) are checked separately from the last 3 digits (1,000 possibilities). This translates into a malicious user only needing to make at most 11,000 guesses, which a computer can handle in a matter of hours!
As you can see, if you or someone you know is currently using WPS on an access point, you should disable the feature ASAP.

Our Recommendation

If your access point or clients are only capable of using WEP, it’s time for you to look at upgrading your technology, for the sake of increased security – not to mention increased throughput speeds on newer devices.
Right now, the best security for your Wi-Fi network is WPA2 with WPS disabled. Using this security combination provides the most secure Wi-Fi network possible today, and gives you the peace of mind you need to "set it and forget it.” Besides, do you really want to trust a single button to provide all the security for your network? If WPA2 with WPS disabled ever becomes vulnerable, we'll be sure and keep you updated on the adjustments you should make to remain secure.

Designing a Dual-Band Network