Wireless networks are available everywhere from your local coffee shop to Fortune 500 companies. While wireless networks improve efficiency and accelerate communication for fast-paced small business owners and entrepreneurs, it is important to consider and seek to minimize the associated security risks. Over the course of the next few posts, I will discuss wireless systems and provide a few tips to help you minimize your security risks.
Let’s begin with a review of the evolution of wireless security protocols.
There are three security protocols that today’s wireless products can support. They are Wireless Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2). WPA and WPA2 both can be implemented in two modes: Personal (also called Pre-Shared Key or PSK) and Enterprise (using 802.1x or RADIUS/EAP).
- WEP: This was the standard used in 1999, and by 2001 the algorithm used to encrypt the data had been broken and ways to attack this security protocol became available on the Internet. Believe it or not, back in 2007 a team from a German university cracked the code in less than 2 minutes using a 1.7GHz Pentium laptop and software downloaded from the Internet. This protocol is legacy and should not be used under any circumstances. Don’t risk your data, either personal or business, by using this protocol.
- WPA: This protocol was released for use in 2003 as a stopgap security protocol, since the more secure WPA2 was scheduled for release in 2004. The improvement this security protocol introduced was something called “Temporal Key Integrity Protocol” (TKIP). TKIP dynamically generates a new 128-bit key for each and every packet of data being transmitted, as opposed to the fixed 40- or 104-bit key that WEP uses. As you can see, an ever-changing security key makes hacking a lot harder. This security protocol can be broken in 4-10 hours.
- WPA2: In 2004, WPA2 was released with a new encryption technology called Advanced Encryption Standard (AES) that far outperforms WPA using TKIP. The specifics of this protocol are beyond the scope of this blog, but note that it is now used worldwide and approved by US government organizations such as the NSA for all top secret information. All wireless devices manufactured with a “Wi-Fi” logo since 2006 must support AES. There have been many attack methods published regarding WPA2 (AES), but as of 2013 none are realistically feasible.
With regard to WPA/WPA2 in “Personal” or “Enterprise” mode, most small and medium businesses will typically implement the wireless network using “Personal” mode. “Enterprise” mode does add an additional layer of authentication security (hence, harder for an intruder to force access) but requires a network server to be configured for Remote Authentication Dial-In User Service (RADIUS) and Extensible Authentication Protocol (EAP). However, if you have a server that can be configured with RADIUS, using “Enterprise” mode is suggested.
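To see which of these protocols and modes your own access points actually advertise, the following added example (not part of the original post) classifies Wi-Fi scan results against the guidance above. It assumes the terse output format of `nmcli -t -f SECURITY,WPA-FLAGS,RSN-FLAGS,SSID device wifi list` on Linux; the sample lines, SSIDs and verdict labels are constructed for illustration.

```python
# Constructed sample, in the assumed format of:
#   nmcli -t -f SECURITY,WPA-FLAGS,RSN-FLAGS,SSID device wifi list
# Fields are colon-separated; a colon inside an SSID is escaped as "\:".
SAMPLE_SCAN = """\
WEP:(none):(none):warehouse-scanner
WPA1:pair_tkip group_tkip psk:(none):front-desk
WPA1 WPA2:pair_tkip group_tkip psk:pair_tkip pair_ccmp group_tkip psk:guest
WPA2:(none):pair_ccmp group_ccmp psk:office
WPA2 802.1X:(none):pair_ccmp group_ccmp 802.1X:corp
:(none):(none):coffee\\:shop
"""

# Verdict labels (names chosen for this example).
OPEN = "OPEN: no encryption at all"
WEP = "WEP: legacy, do not use"
TKIP = "WPA/TKIP still accepted: reconfigure for WPA2 with AES only"
WPA2_PERSONAL = "WPA2 Personal (PSK, AES)"
WPA2_ENTERPRISE = "WPA2 Enterprise (802.1X, AES)"
UNKNOWN = "unclassified: review manually"


def classify(line):
    """Return (ssid, verdict) for one terse scan line."""
    # SSID is the last field, so a bounded split keeps escaped colons intact.
    security, wpa_flags, rsn_flags, ssid = line.split(":", 3)
    ssid = ssid.replace("\\:", ":")
    protocols = set(security.split()) - {"--"}
    flags = (set(wpa_flags.split()) | set(rsn_flags.split())) - {"(none)"}
    if not protocols:
        return ssid, OPEN
    if "WEP" in protocols:
        return ssid, WEP
    # Mixed mode counts as weak: clients may still negotiate WPA or TKIP.
    if "WPA1" in protocols or "pair_tkip" in flags:
        return ssid, TKIP
    if "WPA2" in protocols and "pair_ccmp" in flags:
        return ssid, WPA2_ENTERPRISE if "802.1X" in flags else WPA2_PERSONAL
    return ssid, UNKNOWN


def audit(scan_text):
    """Map each SSID in the scan output to its verdict."""
    return dict(classify(l) for l in scan_text.splitlines() if l.strip())


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_SCAN).items():
        print(f"{name:20} {verdict}")
```

A network that offers both WPA and WPA2 is reported with the weaker verdict, because the access point will still accept the older protocol.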
The staff at Reedy Creek can provide you with additional information about installing and securing a wireless network to increase efficiency and help you grow your business.
In Part 2, I’ll cover the “what to” and “what not to do” surrounding passwords.