I need to secure my wireless network. What types of wireless security are there and what kind should I use?

There are several types of security for wireless networking.

Wireless MAC Address Filtering - allows the router to control access to the wireless network by allowing only certain MAC addresses to connect to the wireless network. This is an older type of security and can be circumvented. The MAC address was intended to be a unique permanent identification number assigned to every network adapter, but now the BIOS on some computers allow the MAC address to be assigned by the user, and there are free programs that allow the user to change the MAC address at will. These changes undermine the integrity of using a MAC address for identification. While some users still prefer to use this type of security, in reality, it should only be used in conjunction with some other type of wireless security, and not as the sole method for securing a wireless network.

WEP (Wired Equivalent Privacy) - gives the wireless network security equivalent to that of a wired network. There are known hacks, but it is probably the type of security that is most commonly used because nearly all wireless cards support it. If WEP is going to be used, be sure to use the highest bit level possible. Common values are 64-bit, 128-bit and 256-bit, the higher the number the stronger the encryption.
WEP+ 802.1x - is an improved form of WEP that uses a Radius Server for authentication. This Enterprise class Wireless Security Solution is not commonly used outside of large companies, though due to the expensive hardware requirements.

WPA (WiFi Protected Access) - has two levels; an Enterprise mode that uses 802.1x, and replaces WEP with WPA; and a PSK (pre-shared key) mode known as WPA Personal. The latter is considered the best option available at this time for many home users. WPA's strength is that it does not trust to encryption alone. It has been improved in many areas. WPA allows a for a much larger and therefore stronger key. It also implements TKIP (temporal key integrity protocol) which dynamically changes keys as the system is used. WPA makes breaking into a wireless LAN far more difficult.

WPS (Wi-Fi Protected Setup) - making it easy to add new devices to an existing network without entering long passphrases. WPS uses one of the following connection methods, Pin entry, Push Button, NFC (Near Field Communications) and USB.

Note: There is a KNOWN security flaw with WPS and it is NOT recommended to be used.

The best choice for security is WPA-Personal (WPA-PSK), it uses a password or passphrase called a PSK (Pre-Shared Key) string that is created by the customer. The key needs to be from 8 to 63 characters long, with 20 characters being considered by most to be the minimum length required for a reasonably secure network. The key must be strong because this is where many hackers will attack. They often use a dictionary attack so those 20 characters CAN NOT be in the form of a real word (like dog or umbrella), they should be random, letters or numbers, capital letters, and even punctuation is allowable.
The best choice for compatibility would be WEP, it is probably the type of security that is most commonly used, because nearly all wireless cards support it.

Before WPA is enabled or a PSK string is set on the router, be certain that all of the wireless cards that are going to be used support WPA. If a network adapter does not support WPA, check the support pages for that product. Many adapters may have an updated driver or firmware that may provide or improve WPA compatibility.


Was this article helpful?
11 out of 17 found this helpful



Please sign in to leave a comment.