When using a wireless access point or router it is important to remember that if you can send information from one device and receive it at another, anyone else within range might also be able to receive it. When protecting data send via wireless, security and protection is offered through encryption schemes that come with your wireless hardware you can enable. Short for Wired Equivalent Privacy (or Wireless Encryption Protocol), WEP is part of the IEEE 802.11 wireless networking standard and was designed to provide the same level of security as that of a wired LAN. Because wireless networks broadcast messages using radio, they are susceptible to eavesdropping. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. WEP was the encryption scheme considered to be the initial standard for first generation wireless networking devices. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security. WEP's major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that's transmitted. But the fact that packets are encrypted doesn't prevent them from being intercepted, and due to some esoteric technical flaws it's entirely possible for an eavesdropper to intercept enough WEP-encrypted packets to eventually deduce what the key is. This problem used to be something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this because changing WEP keys is inconvenient and time-consuming because it has to be done not just on the router, but on every device that connects to it. As a result, most people just set up a single key and then continue using it ad infinitum.

Key Terms To Understanding  wireless Security: wireless 802.11 802.11 and 802.11x refers to a family of specifications developed by the IEEE for wireless LAN technology. WLAN Acronym for wireless local-area network. Also referred to as LAWN. A type of local-area network that uses high-frequency radio waves rather than wires to communicate between nodes. WEP Short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WPA Short for Wi-Fi Protected Access, a Wi-Fi standard that was designed to improve upon the security features of WEP.

Even worse, for those that do change the WEP key, new research and developments reinforce how even changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of 'cracking' a WEP key used to require that a malicious hacker intercept millions of packets plus spend a fair amount of time and computing power. Researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP-protected network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three seconds.

It wasn't long before a new technology called WPA, or  Wi-Fi Protected Access debuted to address many of WEP's shortcomings.

WPA aims to provide stronger wireless data encryption than WEP, but not everyone has or was able to jump onboard with the new wireless encryption technology. In order to use WPA all devices on the network must be configured for WPA. If a device is not configured for WPA, it will usually fall back to the lesser WEP encryption scheme, enabling the wireless devices to communicate on the network. The technology was designed to work with existing Wi-Fi products that have been enabled with WEP (i.e., as a software upgrade to existing hardware), but the technology includes two improvements over WEP:

•  Improved data encryption through the temporal key integrity protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven't been tampered with.
  
• User authentication, which is generally missing in WEP, through the extensible authentication protocol (EAP). WEP regulates access to a wireless network based on a computer's hardware-specific MAC address, which is relatively simple to be sniffed out and stolen. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.

WPA has been a mainstream technology for years now, but WEP remains a standard feature on virtually every wireless router on store shelves today. Although it's mainly there for backward compatibility with the oldest hardware, if reports and studies are accurate, a significant percentage of WLANs operating today (especially those used in homes) are still using outdated and insecure WEP for their encryption.

Widespread use of WEP is almost understandable given that to the layperson, the similar abbreviations WEP and WPA don't convey any meaningful difference between the two security methods (and they may even imply equivalence) Plus, WEP is almost always presented first by the security interface of most broadband routers since WEP comes before WPA both historically and alphabetically).

Even if your router is several years old, it almost certainly supports some form of WPA (and if it doesn't, upgrading to the latest firmware may fix that). The easiest-to-use and most widely supported version is WPA Personal, sometimes referred to as WPA Pre-Shared Key (PSK).

To encrypt a network with WPA Personal/PSK you provide your router not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP (for Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. (Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually comprised of the hex characters 0-9 and A-F).

Properly configured, WPA offers you infinitely better protection than WEP, but this isn't to say that WPA security is iron-clad, because let's face it, what form of security really is? With that in mind, avoiding dictionary words in both the SSID and WPA passphrase (and having as long a passphrase as possible) will provide a lot better protection than using "linksys" and your dog's name.

RECOMMENDED READING: Think Wi-Fi Protected Access makes your home or small business network impenetrable? Think again -- and learn how to protect yourself.

Last updated: June 15, 2007
Adapted from PracticallyNetworked.com
You can read the full version of the article here.

Minimizing WLAN Security Threats 
Most wireless LANs do not invoke adequate security measures to guard against attacks. Learn what security threats exist for wireless LANs as the basis for deploying effective security measures.

PracticallyNetworked.com 
PracticallyNetworked.com provides easy-to-understand help for small-network builders. The site contains how-to information for setting up and debugging home-office and small-business networks. Users can also find extensive troubleshooting information, tips on getting applications to work through firewalls, product reviews on network hardware and software, and more.

Wi-Fi Planet 
802.11 news, commentary and information.

Wi-FiHotSpotList.com 
Search this directory for Wi-Fi hotspots in your region.

Wireless LAN Alliance home page
Contains an organizational overview and links to an introduction to wireless LANs, user stories, resources, and contact information.

Making the Most from WEP
While WEP encryption is not really good enough for mission critical data, it's still better than nothing for most WLANs. Here's why WEP does what it does, and the elbow grease you can apply to make it more secure.

WPA: Is Wi-Fi's Security Bandage Going to Win Over Network Admins?
WEP's security flaws have been widely known ever since January of 2001, when the University of California at Berkeley issued a highly publicized paper. Since then, WEP has been roundly criticized for flaws that include weak encryption, characterized by keys that are no longer than 40 bits; static encryption keys; and lack of a key distribution method.

PracticallyNetworked.com Discussion Forums 
If network connections, sharing computers, router problems or other networking issues are bogging you down, then the PracticallyNetworked.com discussion forum is the place to be. Here you'll find help and support for all your network-related problems.