Tuesday, December 4, 2007

WEP, WPA, WPA2, WTH

I was recently at a clients house, I was called in to address some issues with his current wireless network. After some investigation I found a few problems, 1 the router was not properly handling MAC address cloning, and 2 the router had WEP enabled. I replaced the router, and enables WPA2 Personal. When ever possible you should use WPA2 Personal or enterprise
Wired Equivalent Privacy, Wi-Fi Protected Access, Wi-Fi Protected Access 2, What the Heck do all these mean, and why should I care.

WEP (Wired Equivalent Privacy) was intended to make the security of a Wireless or Wi-Fi network as difficult to penetrate, but do to the implementation of encryption involved there are security vulnerabilities, making it as useful as the luggage lock that comes with the suitcases.

WPA/WPA2 (Wi-Fi Protected Access/Wi-Fi Protected Access 2) was implemented after WEP's security issues came to light. WPA/WPA2 addressed the security issues of WEP and has been required for all Devices to achieve "Wi-Fi' certification since 2004. WPA comes in 2 basic flavors Personal and Enterprise. Personal uses a pres-hared Key (PSK) for all the users on the wireless, allowing all users to see all data transfered. Enterprise Requires some back end services to allow authorization of users with out a pre-shared key per say.

Why should you care about encryption? You don't have anything on your computer that anyone would want to steal, no personal information like social security numbers or online banking. But in all likelihood you do have personal information on your computer that you'd rather not have publicized, like those party photos, or that photo of you in the, well let's not mention that one, or your complete browsing history, your entire Rolodex, birthdays, anniversaries, that chat conversation, or your poetry. What about that list of clients from the office, or the list of clients at the office, while not proprietary or confidential, how much do you think a competitor would pay for that information, or your accounting, HR documents, inside information on that "big deal" or simply the details on your profit margins, and bid process, the list goes on and on.
Needless to say, unless you're completely boring and have nothing, absolutely nothing on your
computer, you need to protect the data on it.

-- Tim Krabec
Kracomp

No comments: