A quick introduction to WiFi Security

Dec 14, '04 09:03:00AM

Contributed by: larkost

Having just battled a bit with getting a wireless print server to connect to a WiFi network, and finding that the solution hinged on a few details in the WiFi security system, I thought that others might benefit from an overview, so here goes:

There are currently three levels of security (besides none). Here they are, listed in order of increasing security:

WPA2 is also on the way, and should be out sometime next year.

WEP

WEP is the older standard, and is regarded as something of a joke in the security community, but it is at least some level of security (better than nothing, if not by much). Almost every WiFi device on the market supports at least the 40-bit keys, and most support 128-bit keys. To someone with the right knowledge (or the right program) WEP can be broken nearly 100% of the time ... but most people don't have this knowledge.

The keys for the two different versions are either 40 or 128 bits long, and the standard defines a method for turning a 5 or 13 character password (respectively) into the key. However, the standard did not say anything about turning passwords of other lengths into a key of the appropriate length ... so naturally everyone has their own way of doing it, and they are sometimes incompatible.

This means that if you are using products from different vendors, you should try to make sure that your passwords are the correct length for the security level you have chosen. Many systems also allow you to enter the hex version of the password (which is always the same, whatever the vendor), sometimes by typing a '$' before it, but it is just easier to make sure you have the right length password to begin with.

One last piece of the puzzle that WEP provides is that there are up to four different slots for keys to go into. This was originally included in the specification so that large access point providers could have some room for providing different levels of access, but I have never seen it used. The one reason that this is important to mention is that Apple's implementation only allows you to use the first key slot.

WPA

Support for WPA is still spotty in some areas; in fact, it is not even part of the standard install of Windows XP (it is a free download). It also was not a part of 10.3, but is a part of the AirPort software available through Software Update (and on the CDs provided with both AirPort Extreme and AirPort Express hardware). Support on Linux is more complicated than I am going to get into here. WPA is considered fairly good security, but if you provide it with short or bad passwords, it can be broken (via a dictionary attack).

Having seen the problems in WEP, the WiFi group made good strides in solving the problems with WPA ... and so far it seems that they have pulled it off. The system for generating passwords now accepts passwords of any length, and it is the same everywhere. So you can make your passwords of any length, but short ones are still guessable.
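The two password-to-key conversions discussed in the WEP and WPA sections above, as an added example that is not part of the original hint. It assumes the usual convention that a 5 or 13 character WEP password is used byte-for-byte as the key, and uses the WPA-Personal derivation (PBKDF2-HMAC-SHA1 salted with the network name, 4096 iterations); the function names are hypothetical, and the 8 to 63 character passphrase range is the limit set by the WPA specification.

```python
import hashlib

# Password length in characters -> marketed WEP key size.
WEP_ASCII_LENGTHS = {5: "40-bit", 13: "128-bit"}


def wep_hex_key(password: str) -> str:
    """Return the hex form of a WEP key typed as a 5 or 13 character password.

    Each ASCII character becomes one key byte, so the hex form is identical on
    every vendor's device. Any other length has no agreed mapping, so it is
    rejected here instead of being padded or hashed in a vendor-specific way.
    """
    raw = password.encode("ascii")  # non-ASCII input raises a ValueError subclass
    if len(raw) not in WEP_ASCII_LENGTHS:
        raise ValueError(f"WEP password must be 5 or 13 characters, got {len(raw)}")
    return raw.hex()


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA pre-shared key, returned as 64 hex digits.

    The SSID is the salt, so the same passphrase gives a different key on a
    network with a different name. The derivation is fixed, which is why two
    devices from different vendors agree on the key.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for pw in ("abcde", "thirteenchars", "toolong"):
        try:
            print(f"WEP {pw!r:>16} -> {wep_hex_key(pw)}")
        except ValueError as err:
            print(f"WEP {pw!r:>16} -> rejected: {err}")
    print("WPA ->", wpa_psk("password", "IEEE"))
```

Entering the hex output on every device sidesteps the vendor differences for WEP; for WPA the hex key is only valid for the exact network name it was derived with.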

Other considerations

Many WiFi access points also provide two other security measures: WiFi ID control (also called MAC control), and suppressing the SSID broadcast.

Every WiFi device has a number assigned to it that should be unique, so every card has its own number that is used as an ID number. Routers can use this number to decide who they want to talk to, and who they want to ignore. By making a list of the WiFi devices that are allowed to use an access point, it can then refuse to talk to any that are not on that list.

Some WiFi cards have the ability to lie about their WiFi ID, and so can pretend to be another device. If someone is trying to break into your network, they can simply listen in on the traffic already in the air and pick out a WiFi ID that is authorized, and then try and break the other forms of security that might be on the network. This is another thing that is not too difficult, but it requires that you know how to do it. It also requires that your hardware supports it, and so it's another security hurdle that you can put in the way of a hacker.

The last security hurdle available is to have your access point not broadcast its SSID number. That means that when you go to join a WiFi network, your network would not show up by itself; you would have to type it in manually. Once again, if someone is listening in on your network, they could pick this information out of the air, so in general this is not a great security measure.

As a summary: the best form of security available for WiFi is currently WPA. It is also the easiest to use, if all your devices support it.


Mac OS X Hints
http://hints.macworld.com/article.php?story=20041212201138552