Wireless networks are great- they give you all the benefits of a network without being tied down by wires.
However, wired networks have one major security benefit- it’s restricted to wherever you can physically plug a cable in. This lets you decide where people can- and can’t- access your network from. Typically this will be within your home or office.
Wireless networks are different- they can be accessed anywhere that’s within range of the transmitter/receiver, no wires required. This is why they’re convenient, but it’s also a potential security risk. Why? Because this range normally extends some way outside your own building. So (for example) when you’re connecting to your own home network, it’s quite common for your computer to show the names of other networks- these are probably ones that belong to your neighbours!
If you’re not using additional security, this means that anyone within range of your network signal can connect to- and use- it. That includes sharing your Internet connection. For the paranoid, it also means that others can “sniff” any private data travelling over your network. This isn’t good from a security perspective, but fortunately there’s an easy solution- use an encryption scheme with password authentication on your server.
Password authentication stops unauthorised access to your network, and encryption stops eavesdropping. Unless you have a good reason not to, you should always have these turned on.
Which Security Scheme?
There are three choices. These are:-
- WEP (”Wired Equivalent Privacy”)
- WPA (Wi-Fi Protected Access)
- WPA2
Let’s keep this simple- you should be using WPA or WPA2! WEP came out first and was supposed to provide the same level of security as a wired network (hence “Wired Equivalent Privacy”). Unfortunately, it didn’t. WEP turned out to be quite weak, and nowadays can be broken very easily.
WEP is better than no security at all, but it’s still poor. WEP will stop people “accidentally” logging onto your network and lazy hackers, but it’s possible to break it if someone is determined. Since most modern devices support WPA or WPA2, we recommend you use them unless you’re using WEP-only devices.
WPA and WPA2 are newer schemes that are far more secure. We recommend either (don’t worry which if you have the choice). WPA and WPA2 are very similar, but WPA is based on an early draft version of the 802.11x security standard. WPA2 is based on the final version and includes a few extra features.
WPA Passwords
When setting up your wireless router, you may notice that there are two password (or “key”) schemes for use with WPA and WPA2:-
- Personal, also known as Private Shared Key, PSK or WPA-PSK mode.
- Enterprise or Radius Server mode.
If you’re running a home or small office network, choose “Personal/Private Shared Key“. This means that everyone uses the same (”shared”) secret (”private”) password (”key!”).
Enterprise mode is more complicated and meant for use in larger networks where having a single password/key isn’t so practical. We won’t discuss it here.
Finally, choose a hard-to-guess password. Anything that can be easily guessed (such as a spouse or child’s name) is a bad choice. So are simple words that can be found in a dictionary.
A password that is unlikely to be guessed by others- and preferably includes an unusual mixture of letters and numbers- is far better.
Summary
- Unlike wired networks, wireless networks can be accessed from anywhere within range of the transmitter- even if that’s outside your building.
- Unless you have a good reason not to, you should always have wireless security on your network turned on
- The older WEP scheme has a number of serious weaknesses. We recommend that you select WPA or WPA2 instead.
- If you’re running a home or small office network, always choose “Personal” or “Private Shared Key” mode for your WPA security.
- Choose a password that’s hard to guess!
