If you have a low-end access
point, your security will be limited to Wired Equivalent Privacy
(WEP) and MAC address filters. With a higher-end access point,
you'll be able to turn on Temporal Key Integrity Protocol (TKIP).
WEP is a system for encrypting your data to keep it private from
unauthorized users. It was designed to provide privacy equal to
what you get on a wired network. TKIP works on top of WEP, offering
stronger security than WEP, and increased assurance that your
data will not be compromised.

While it has been found that WEP does not
offer strong security, it does offer some security, and any security
is better than none. Therefore, you should turn WEP on no matter
what. You can also layer more security, such as TKIP, on top of
it. WEP uses secret keys that get combined with a keystream that
then encrypts your data into ciphertext. At the receiving end,
a corresponding keystream is used to decrypt the data.

WEP is used to authenticate
you to the network, and a component of it needs to be set up on both
the PCMCIA card and on the access point. WEP can be implemented
in 40-bit mode or 128-bit mode. As you may suspect, using the
128-bit mode offers more security than the 40-bit mode.
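
The WEP encapsulation described above, as an added example (not code from the original article): the secret key is prefixed with a 24-bit initialization vector (IV) to seed RC4, and the keystream is XORed with the data plus a CRC-32 integrity check value (ICV). The 40-bit and 128-bit modes correspond to 5-byte and 13-byte secret keys. Assumptions: the one-byte key ID field that follows the IV in a real 802.11 frame is omitted, and the key, IV and payload are constructed sample values.

```python
import struct
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """CRC-32 of the payload, little-endian, as WEP appends it."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Return IV || (data || ICV) XOR RC4(IV || key)."""
    if len(key) not in (5, 13) or len(iv) != 3:
        raise ValueError("key must be 5 or 13 bytes, IV must be 3 bytes")
    plain = data + icv(data)
    ks = rc4(iv + key, len(plain))             # per-frame seed is IV || key
    return iv + bytes(p ^ k for p, k in zip(plain, ks))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Rebuild the same keystream from the cleartext IV and verify the ICV."""
    iv, body = frame[:3], frame[3:]
    ks = rc4(iv + key, len(body))
    plain = bytes(c ^ k for c, k in zip(body, ks))
    data, got = plain[:-4], plain[-4:]
    if icv(data) != got:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return data

if __name__ == "__main__":
    key40 = bytes.fromhex("0102030405")        # constructed 40-bit key
    frame = wep_encrypt(key40, b"\x00\x00\x01", b"hello access point")
    print(frame.hex())
    print(wep_decrypt(key40, frame))
```

The only part of the RC4 seed that changes from frame to frame is the 3-byte IV, which travels in the clear at the front of each frame; the secret key stays fixed until an administrator changes it on the card and the access point.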

TKIP evolved to solve some
of the security problems that WEP does not solve. However, TKIP
is relatively new, and many access points and wireless client
cards do not support it. If you want to use TKIP, you'll need
to be sure you purchase wireless access points and client cards
that support it. With WEP, wireless hackers who have the will
and time to do so can obtain the encryption key needed to unlock
access to the data. In response to the vulnerabilities of WEP,
a task group of the IEEE designed TKIP to add stronger security
on top of WEP.

TKIP offers new encryption algorithms, and
constantly changes the encryption keys, making it harder for
wireless hackers to capture them. Because the keys are constantly
changing, if one of them gets captured, it won't do a hacker much
good because by the time they try to use it, the wireless LAN
will be using different encryption keys. With TKIP, the encryption
keys are also encrypted themselves, so you would first need to
decrypt the key before you can use the key to decrypt the network
traffic.

MAC address filtering is
used to limit what pieces of hardware can access the wireless
network. On a large network, filtering the MAC address can be
quite an administrative chore and it's worth using cards with
sequential MAC addresses to make the job easier. If you want to
use sequential MAC addresses, this is something you will need
to specify when you make your purchasing decisions. On some wireless
PCMCIA cards you can change the MAC address, but on many wireless
PCMCIA cards the MAC address is fixed.

For even more security, you can also install
a Virtual Private Network (VPN) on your wireless
network. Unless you have truly sensitive information, it's probably
not worth the time and effort to do this. By using a VPN, you
tunnel your wireless data through an IPSec gateway. Using WEP,
TKIP, and a VPN together will create a very strong security barrier
on your wireless network. Using a VPN can create performance bottlenecks,
so don't use one if you don't need one.