Wi-Fi Security for Dummies

There are 4 basic levels of Wi-Fi security: "Open" (unsecured), WEP, WPA- PSK, and 802.1X. Let's walk through these techno-acronyms and explain these basic levels of security in less technical terms.

• "Open" is just that, open to all comers without any basic level of security. Like leaving your front door unlocked for anyone to enter, open networks are just a bad idea.

• WEP is the lowest level of security available on most Wi-Fi networks. Unfortunately, WEP have fundamental flaws that make it easy to hack and software on the Internet can crack WEP security in 10 minutes. WEP is equivalent to locking your screen door; it may keep your neighbor out, but it takes little effort to break in.

• WPA is the successor to WEP that is more difficult to crack. WPA is comparable to having a single lock on your front door, and giving a key to everyone you want to give access to. Keys can be shared or walked away with when someone leaves the network. The challenge with WPA is removing someone requires the entire network to be re-keyed and new keys re-distributed to valid users.

• "802.1X" is called enterprise-level security because it provides the highest level of Wi-Fi security available. 802.1X is widely deployed by Fortune 500 companies with a RADIUS Server and eliminates the common key problem by providing a unique key for each valid user every time they enter the network. This is analogous to the room key used in hotels. Each authorized user gets a new unique key every time they enter the network valid only for the time they are on the network.

How TJX Data was Stolen Over a Wireless Network

The Wall Street Journal's article today - How Credit-Card Data Went Out Wireless Door - is a must read article for small and medium businesses using wireless networks. The article explains how hackers easily broke into the wireless network, sniffed out user credentials, and then used those credentials to get into the corporate network (presumable over a VPN) to access millions of customer credit card and social security numbers. The article talks about the devastating effect this breach had on TJX and it's customers and didn't even mention the impact it had on TJX's confidential internal data, which is probably something they don't want to talk about. This should be a call to action for any business using Wi-Fi. Make sure your Wi-Fi network is secure. A RADIUS server and 802.1X control that gives you control over individual access is best. At the very least, use WPA or WPA2 and make sure you change the encryption keys when employees leave the company. Witopia and DAZ Software provide great tools that makes RADIUS easy for small businesses. Companies like Interlink Networks provides a higher end RADIUS server that is better suited for larger enterprises and ISPs.