Wifi Security – Part I

Rachiyta Jain | Cyber Security


Wi-Fi security is a major concern for everyone today. Before we learn how to secure a Wi-Fi connection, it is important to understand the basics of Wi-Fi: as long as you don’t know what you’re dealing with, you cannot secure it.
There are various types of Wi-Fi. They differ mainly in the data encryption protocol they use, and the level of encryption decides the security of the network. The first data encryption protocol used for Wi-Fi was WEP (Wired Equivalent Protocol). WEP was very insecure and was replaced by WPA (Wi-Fi Protected Access) in 1999. However, to this day several routers still include WEP, which is very risky. So if yours is one of them, please switch to one of the protocols in the WPA family.
Along with WPA came TKIP (Temporal Key Integrity Protocol). TKIP was similar to WEP and, though once well regarded, is no longer considered secure. In 2004, WPA2 was launched, which makes use of AES (Advanced Encryption Standard). AES is far more secure than TKIP. Believed to be uncrackable by even the most skilled hacker, it is even used by the US government. However, brute-force attacks are its major weakness.
WPA2 comes in two different modes: WPA2-PSK and WPA2-ENT. The term PSK stands for “pre-shared key” and is an encryption passphrase. It is authenticated by a 256-bit key and is good for home and very small office networks. The encryption passphrase you set must be entered each time you connect. ENT stands for “Enterprise”; it is used for enterprise networks and is the best choice for a business network. Unlike PSK, where the passphrase is stored locally, in ENT the passphrase is not stored locally and a new encryption key is created every time a user logs in with their unique password. ENT is easier to manage since it allows centralised control over users’ access to the wireless network.
ENT requires RADIUS (Remote Authentication Dial-In User Service), while PSK requires no such thing and is thus easier to set up. However, there are ways to get the benefits of WPA2-ENT without the complications of setting up RADIUS. What you choose depends on your needs.
If you are still blinking your eyes at the screen, here is a simple explanation of the various options you have:

• Open (risky): Open Wi-Fi networks have no passphrase. You shouldn’t set up an open Wi-Fi network — seriously, you could have your door busted down by police.
• WEP 64 (risky): The old WEP encryption standard is vulnerable and shouldn’t be used. Its name, which stands for “Wired Equivalent Privacy,” now seems like a joke.
• WEP 128 (risky): WEP with a larger encryption key size isn’t really any better.
• WPA-PSK (TKIP): This is basically the standard WPA, or WPA1, encryption. It’s been superseded and isn’t secure.
• WPA-PSK (AES): This chooses the older WPA wireless protocol with the more modern AES encryption. Devices that support AES will almost always support WPA2, while devices that require WPA1 will almost never support AES encryption. This option makes very little sense.
• WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.
• WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On devices with less confusing interfaces, the option marked “WPA2” or “WPA2-PSK” will probably just use AES, as that’s a common-sense ch
• WPA/WPA2-PSK (TKIP/AES) (recommended): The Comcast Xfinity router recommends this free-for-all option. This enables both WPA and WPA2 with both TKIP and AES. This provides maximum compatibility with any ancient devices you might have, but also ensures an attacker can breach your network by cracking the lowest-common-denominator encryption scheme. This TKIP+AES option may also be called WPA2-PSK “mixed” mode.

On most routers we’ve seen, the options are generally WEP, WPA (TKIP), and WPA2 (AES) — with perhaps a WPA (TKIP) + WPA2 (AES) compatibility mode thrown in for good measure. If you do have an odd sort of router that offers WPA2 in either TKIP or AES flavours, choose AES. Almost all your devices will certainly work with it, and it’s faster and more secure. It’s an easy choice, as long as you can remember AES is the good one.
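To check which of the modes listed above your own network actually advertises, the following added example (not part of the original article) parses the text printed by the Linux `iw dev <interface> scan` command and rates each network in the same order as the list. The sample scan is constructed and trimmed, and the function names and verdict strings are illustrative assumptions.

```python
import re

# Constructed sample, trimmed to the fields read below. The layout is assumed
# to match what `iw dev wlan0 scan` prints; CCMP is the AES-based cipher.
SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    SSID: cafe-open
    capability: ESS ShortSlotTime (0x0401)
BSS 02:00:00:00:00:02(on wlan0)
    SSID: old-router
    capability: ESS Privacy ShortSlotTime (0x0411)
BSS 02:00:00:00:00:03(on wlan0)
    SSID: mixed-mode
    capability: ESS Privacy ShortSlotTime (0x0411)
    WPA:  * Version: 1
          * Pairwise ciphers: TKIP CCMP
    RSN:  * Version: 1
          * Pairwise ciphers: TKIP CCMP
BSS 02:00:00:00:00:04(on wlan0)
    SSID: home-aes
    capability: ESS Privacy ShortSlotTime (0x0411)
    RSN:  * Version: 1
          * Pairwise ciphers: CCMP
"""

def verdict(net):
    """Rate one network in the order the article's list does."""
    if not net["privacy"]:
        return "open (risky)"
    if not net["ies"]:  # Privacy bit set but no WPA/RSN element: WEP
        return "WEP (risky)"
    if "WPA" in net["ies"] or "TKIP" in net["ciphers"]:
        return "WPA or TKIP enabled (weak)"
    return "WPA2 with AES only (ok)"

def audit(scan_text):
    """Return a list of (bssid, ssid, verdict), one entry per BSS block."""
    results = []
    for bss in re.split(r"(?m)^BSS ", scan_text)[1:]:
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", bss)
        cap = re.search(r"(?m)^\s*capability: (.*)$", bss)
        net = {
            "privacy": bool(cap) and "Privacy" in cap.group(1).split(),
            "ies": set(re.findall(r"(?m)^\s*(WPA|RSN):", bss)),
            "ciphers": set(" ".join(re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", bss)).split()),
        }
        results.append((bss.split("(")[0].strip(), ssid.group(1).strip() if ssid else "", verdict(net)))
    return results
```

Pass `audit()` the saved output of a scan of your own network; the mixed-mode entry is flagged because the older WPA element and TKIP are still offered alongside AES.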