Which wireless encryption to choose
In this article, I don’t want to go in depth; I just want to answer the basic question: Which wireless encryption should I use? Even as more and more people are setting up wireless connectivity for their networks, few realize the additional security risk they are adding. This is further compounded by the different choices that are available — can the average user, given the documentation that comes with their wireless router, understand the difference between the different protocols as well as the consequences of their choices? Probably not.
The first step to setting up wireless is admitting that there is a problem with letting people onto your network. Chances are, if you copy files between computers, send email, instant message, or browse the web, you generally want to presume that such information is private. While to the average user this might seem to be the case when on a network, even a modestly tech-savvy individual knows this is not true.
Wireless networking compounds this issue by making it possible for anyone with a wireless card to access your network. The way to keep random people off your network is with security — this is where encryption comes in. Unfortunately, wireless networking rolled out on the consumer end first, which made it a test bed for the security measures it implemented. This resulted in flawed implementations at the start.
Take WEP for instance. If this is your only option, then use it. If, for instance, your network contains 802.11b cards, you refuse to upgrade, and you’re dead set on getting everything wirelessly networked, you might as well enable it. Just don’t harbor any illusions that your network is secure. It’s not. As most implementations of WEP can be cracked in just minutes, this only adds a layer of nuisance — hopefully your neighbor down the road has an unsecured network that people will use instead. WEP: It’s better than nothing, but just barely.
Enter WPA. Finally, wireless hardware companies realized that security just might be important for sharing your home network wirelessly with the neighborhood. WPA was designed to address WEP’s vulnerabilities, and thus, WPA-TKIP was born. Unfortunately, while much stronger than WEP, WPA was built upon the WEP infrastructure, meaning that, for a variety of reasons, WPA-TKIP is not entirely secure either and suffers from some potential vulnerabilities of its own. Most wireless hardware released today supports WPA-TKIP. If you have to choose between only WEP and WPA-TKIP, it’s a no-brainer — pick WPA-TKIP.
However, there is currently a third option: WPA2. WPA2-AES is currently the strongest and most secure encryption you can readily get on the consumer level. Realizing the flaws of the previous two protocols, network engineers went back to the drawing board, developing a secure protocol from the ground up. If this is an option, then definitely use it. Another option I sometimes see is WPA2-AES+TKIP — this is for backwards compatibility, mixing support for both WPA-TKIP and WPA2-AES. If you have to support legacy WPA-TKIP hardware, then this is an option; just be aware that you’ll be allowing all the vulnerabilities of WPA-TKIP onto your network. You’ve been warned.
Oh, you might see “PSK” thrown around a lot when discussing wireless encryption. That just stands for Pre-Shared Key. Chances are you’re using it, regardless of which encryption you pick. (How else would you authorize computers onto your wireless network?) If you’re consumer-level, you should probably also ignore RADIUS — that’s an authentication server run by some corporations, and most likely, you’re not running it.
So there you go, the quick rundown. If you can use WPA2-AES, use it, and rest easy (for now). WPA2-AES+TKIP is okay, but definitely not as good as WPA2-AES. WPA-TKIP will do if those aren’t available, but does have some vulnerabilities. Only as a last resort should you use WEP, as it provides only marginal security. Hopefully, no vulnerabilities will be found in WPA2-AES for some time.
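The ranking above, applied to an access point's configuration file, as an added example that is not part of the original article. It assumes the access point is configured with hostapd (which the article does not mention) and reads its `wpa`, `wpa_pairwise`, `rsn_pairwise` and `wep_key0` settings, where AES is written as "CCMP"; the function names and sample configs are constructed for illustration.

```python
# Added example: map hostapd-style settings onto the article's ranking.
# Assumes hostapd.conf keys (wpa, wpa_pairwise, rsn_pairwise, wep_key0..3);
# hostapd writes AES as "CCMP". Function names and samples are constructed.
RANK = ["open", "WEP", "WPA-TKIP", "WPA2-AES+TKIP", "WPA2-AES"]  # weakest first

def parse_conf(text):
    """Return key=value settings, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def classify(conf):
    """Name the article's tier that a parsed config falls into."""
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        return "WEP" if any(k.startswith("wep_key") for k in conf) else "open"
    # Documented defaults: wpa_pairwise=TKIP, rsn_pairwise follows wpa_pairwise.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP")
    rsn_pairwise = conf.get("rsn_pairwise", wpa_pairwise)
    ciphers = set()
    if wpa & 1:
        ciphers |= set(wpa_pairwise.split())
    if wpa & 2:
        ciphers |= set(rsn_pairwise.split())
    if ciphers == {"TKIP"}:
        return "WPA-TKIP"  # no AES on offer at all
    # Accepting WPA (v1) or TKIP alongside AES is the mixed, compatibility mode.
    if wpa & 1 or "TKIP" in ciphers:
        return "WPA2-AES+TKIP"
    return "WPA2-AES"

def needs_upgrade(conf):
    """True when the config ranks below the article's recommended WPA2-AES."""
    return RANK.index(classify(conf)) < RANK.index("WPA2-AES")

# Constructed sample configs (SSIDs and keys are placeholders).
SAMPLES = {
    "wep": "ssid=home\nwep_default_key=0\nwep_key0=0102030405\n",
    "mixed": "ssid=home\nwpa=3\nwpa_pairwise=TKIP\nrsn_pairwise=CCMP\n",
    "wpa2": "# WPA2 only\nssid=home\nwpa=2\nrsn_pairwise=CCMP\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        conf = parse_conf(text)
        print(name, classify(conf), "upgrade" if needs_upgrade(conf) else "ok")
```

The mixed sample is flagged for upgrade even though it offers AES, because it still accepts WPA-TKIP clients.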