Dec 2, 2009

WEP vs. WPA Wireless Security

WEP

WEP (Wired Equivalent Privacy) was originally intended to give you the same or a similar level of security as a wired network, but it turns out that it does not. WEP works by using secret keys, or codes, to encrypt data. WEP is defined in the 802.11b standard and aims to provide security by encrypting data sent over radio waves so that it is protected as it is transmitted from one endpoint to another. The network card encrypts the data before transmission using the RC4 stream cipher provided by RSA Security. The receiving station, such as an access point, performs decryption upon receiving the frame. WEP only encrypts data between 802.11 stations. The access point and the client must both know the codes in order for it to function. WEP has three settings: Off (no security), 64-bit (weak security) and 128-bit (higher security).

WEP is not difficult to crack, and using it reduces performance slightly. WEP introduces the concept of a passphrase so that you do not have to enter complicated key strings manually. The passphrase you enter is converted into hex keys. The static nature of the shared secret keys is WEP's weakness. 802.11 doesn't provide any functions that support the exchange of keys among stations. As a result, system administrators and users generally use the same keys for long periods of time. This gives hackers plenty of time to monitor and hack into WEP-enabled networks. Most wireless networks that use WEP have a single WEP key shared between every node on the network.


WPA

WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturers' wireless equipment. WPA is a much improved encryption standard that delivers a level of security beyond anything that WEP can offer. It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses the Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded through corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations, and re-keying of global encryption keys is required. The encryption key is changed after every frame using TKIP. This allows key changes to occur on a frame-by-frame basis and to be automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is compatible with many older access points and network cards.



WPA2

WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of assurance that only authorized users can access their wireless networks. WPA2 is based on the IEEE 802.11i standard and provides government-grade security. 802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
There are two versions of WPA2: WPA2 Personal and WPA2 Enterprise. WPA2 Personal protects against unauthorized network access by utilizing a setup password. WPA2 Enterprise verifies network users through a server.
