Recently there seems to be a never ending stream of information leaks percolating through the news. Several states mandate wireless networks implement encryption and the Federal government is looking at forcing companies to disclose information leaks to affected customers. Of course any information leak or unauthorized access to sensitive data on a personal or even worse business network may present a myriad of liability issues.
Wireless networks are often targeted and most of them are not up to the standard of security that is publicly available. Using no encryption leaves your network immediately open to attack. This means any third party can connect in to your network, discover resources like shared files or computers that are vulnerable and gain access. There is not much, if any legal protection afforded in this situation as the network is open.
WEP (wireless equivalent privacy) is an older standard that for its time was certainly better than no encryption, but these days it is not much more secure than leaving the network wide open. The reason is that there exist several fundamental flaws in the WEP algorithm that leave your network vulnerable, including, but not limited to:
- Passive attacks to decrypt traffic
- Active attacks to inject new traffic from unauthorized nodes
- Active attacks to decrypt traffic based on fooling the AP (access point)
- Dictionary-based attacks that may take some time, but allows full decryption of all network traffic
These attacks are simple to configure and can be implemented with off the shelf equipment, including many standard laptop configurations. Furthermore, WEP uses RC4 encryption, a weaker and older form of stream-based encryption that is easy for attackers to exploit because of its vulnerable key exchange mechanism and the lower grade cipher used.
Many routers are setup to use WEP encryption, even those supplied by Internet providers. If you are using WEP (or no encryption at all) it’s best to consider using WPA2 with AES encryption. This is the highest publicly available wireless encryption standard. If your router or wireless card does not support this standard now would be a good time to consider upgrading.