|
In a hurry?
Getting a free digital certificate
Security for home Wireless Networks (Wifi Wireless Lans)
Some quick and simple notes for users of home wireless networks (Wireless Lans).
How secure is Wifi? Well, it's not very secure at all, but you can configure it to be secure enough for home use.
The first problem with wireless networks is that all traffic is broadcast wirelessly. Normally in a modern wire-based network, traffic flows around in a well directed way. For instance, many home networks have a router and a few computers connected with cables. The router contains a "switch" which knows which computer is connect to which of the multiple cables connected to the router. The switch is clever and makes sure that packets only go along the correct cable - the signal physically goes down over only one cable. Another computer plugged in to the switch can't spy on the transmission (unless the bad guy does some nasty things to the switch, which is unlikely in a home network).
But a wireless network can not isolate computers in this way: each packet is broadcast wirelessly, and any computer in listening range can pick up the packet. The very first wired networks were like this also. They used "hubs" instead of switches. A hub is like a repeater: it takes every packet it gets, and sends this to every computer connected to it, leaving it up to the computers to work out which traffic to ignore. One computer connected to the hub can therefore "sniff" all network traffic. From the security point of view, a wireless network follows the hub principle.
The solution to this problem is to encrypt the packets so that even if a third party spies on the transmission, it can't make sense of it unless it has the password. The encryption that Wifi uses is called WEP, which stands for Wired Equivalent Protocol, promising that WEP gives security as good as a wire-based network. There are two levels of WEP, 64 bit and 128 bit. Unfortunately, there is a subtle flaw in WEP, and even more unfortunately, no subtle flaw remains a secret on the internet. You can get open source software that will crack a WEP password, once it has recorded between 5 to 10 millions packets. In my home network, this is about a month of activity, unless there is a lot of downloading happening :-) So if you are worried about someone within radio range setting up a computer for a month, you will need to change your WEP passwords every month.
You can also activate a setting on your wireless router that only allows certain network adapters to connect. Each network adapter has a serial number (MAC address. Using this restriction is better than nothing, but it is not very secure. Your wireless router itself probably has an option allowing you to enter any network adapter ID that you want, so you can see how easy it is to simulate this.
There are other problems with WEP and Wifi, but for a home user this is the bigget problem. It is improved in more recent wireless standards.
Comments. Page modified: August 11, 2003
|
qweeblebeast