Encryption has been in use for a long time.
The ancient Greeks and Romans used early encryption techniques to secure their communications, and governments and individuals have used encryption ever since.
Many early types of encryption are still in use in some form today, including steganography, restrictive algorithms, and proprietary encryption schemes.
These older encryption techniques often suffer from numerous design and implementation flaws, and, when companies integrate them into networking products, security ultimately suffers.
Modern encryption techniques
Modern encryption techniques utilizing computers and advanced mathematical science are far more secure than those that preceded them.
They use unrestricted algorithms in conjunction with numeric keys to secure information.
Because unrestricted algorithms are public, and have been tested by and withstood scrutiny and attack from the world’s best cryptanalysts, they are more secure than the older restrictive algorithms.
These techniques, even though they are not foolproof, have proven to be robust and reasonably secure.
Wired Equivalent Privacy (WEP) is the encryption standard developed for wireless networking.
WEP encrypts data traveling between access points and computers on the network.
It’s a nice name, but the technology hasn’t lived up to its promise.
WEP suffers from a number of flaws that allow attackers to discover keys by analyzing network traffic.
Attackers can then decrypt all data in real time and continue to compromise the network.
In order to improve security, the Wi-Fi Alliance developed a new standard known as Wi-Fi Protected Access (WPA).
WPA is much more secure than WEP; however, some older devices may not be upgradeable to WPA, and older mobile devices (Pocket PC and Palm) may not have enough processing power to take advantage of WPA.
Although it is better, WPA is vulnerable to a simple DoS attack.
If an attacker sends two forged data packets to a WPA-enabled access point in under one second, he can trick WPA into thinking it’s under attack and force it to shut down for over a minute.
This effectively locks all users out of the access point.
If the attacker does this repeatedly, he can cause real headaches.
All protocols are susceptible to DoS attacks in some form, so this is a trivial vulnerability.
I say don’t worry about it; if your system allows you to do so, upgrade to WPA as soon as you can.
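To watch for the repeated shutdowns described above, the following added example (not part of the original article) replays the stated rule over access-point log lines and flags access points that are locked out again and again. The log format, the FORGED_FRAME tag, the 60-second shutdown length and the repeat threshold are assumptions; the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=1)    # article: two forged packets "in under one second"
LOCKOUT = timedelta(seconds=60)  # article: "over a minute"; 60 s is an assumed lower bound
REPEAT_THRESHOLD = 3             # assumption: this many shutdowns looks deliberate

# Constructed sample log; the line format and FORGED_FRAME tag are hypothetical.
SAMPLE_LOG = """\
2024-01-01T09:00:00.100 ap1 FORGED_FRAME
2024-01-01T09:00:00.700 ap1 FORGED_FRAME
2024-01-01T09:00:30.000 ap1 FORGED_FRAME
2024-01-01T09:01:05.000 ap1 FORGED_FRAME
2024-01-01T09:01:05.400 ap1 FORGED_FRAME
2024-01-01T09:02:10.000 ap1 FORGED_FRAME
2024-01-01T09:02:10.900 ap1 FORGED_FRAME
2024-01-01T09:05:00.000 ap1 FORGED_FRAME
2024-01-01T09:00:00.000 ap2 FORGED_FRAME
2024-01-01T09:00:02.000 ap2 FORGED_FRAME
"""
EVENT = re.compile(r"^(\S+) (\S+) FORGED_FRAME\b", re.M)

def find_lockouts(log_text):
    """Return {ap: [shutdown start times]} by replaying the shutdown rule."""
    events = defaultdict(list)
    for ts, ap in EVENT.findall(log_text):
        events[ap].append(datetime.fromisoformat(ts))
    lockouts = {}
    for ap, times in events.items():
        starts, prev, down_until = [], None, None
        for ts in sorted(times):
            if down_until and ts < down_until:
                continue  # access point is already shut down
            if prev and ts - prev < WINDOW:
                starts.append(ts)  # second forged frame inside the window
                down_until, prev = ts + LOCKOUT, None
            else:
                prev = ts  # isolated frame: remember it, no shutdown yet
        lockouts[ap] = starts
    return lockouts

def report(log_text):
    """Return {ap: (shutdown count, minimum seconds offline, repeated?)}."""
    secs = int(LOCKOUT.total_seconds())
    return {ap: (len(s), len(s) * secs, len(s) >= REPEAT_THRESHOLD)
            for ap, s in find_lockouts(log_text).items()}
```

An access point that reports shutdown after shutdown, like ap1 in the sample, is worth a closer look; two isolated frames seconds apart, like ap2, never meet the rule.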
If WPA is compatible with your network, then enable it.
You can enable WPA (and WEP) using the configuration utility for your device or through its Web interface.
If you can’t use WPA, then use WEP.
Even if WEP can be broken, it takes some effort, and you can deter all but the most determined crackers.
Faced with having to crack WEP or simply moving on to the next open WLAN, most crackers will just move along.
If you telecommute or work from home and need extra protection, use a virtual private network (VPN).
A VPN acts as a “tunnel” to protect data traveling between your workplace and home (or laptop).
Chances are good that your company already has one installed, so all you need to do is contact your IT department and (very nicely!) ask for a VPN client.
This allows you to check and send e-mail and other data through an encrypted link with the company mail server.
Dealing with Default Settings
Failing to change the default settings on WLAN equipment can facilitate attacks and allow unskilled script kiddies to access your network with little effort.
Each manufacturer has default settings for all the equipment they produce.
These settings facilitate installing the equipment; unfortunately, many users never change them.
They just take their router out of the box, hook it up, and start using it.
Default settings are public knowledge to crackers, who post them all over the Internet.
There are default settings for passwords, SSIDs, broadcast strength, and IP addresses.
Failing to change any of these can leave your network vulnerable to attack.