Wireless networks are very comfortable and easy to use. Hence, a lot of people set up Wi-Fi connections using a wireless router or wireless access points. Even a small business/ SOHO normally has a standard access point to provide wireless network access to its employees. But, how secure is this Wi-Fi connection? Can it be hacked by a determined hacker? How secure is the encryption used in Wi-Fi networks? Let us explore the answers to these questions, in this article.
Is a Wi-Fi Network Secure?
Well, if you have an open network which anyone can access freely because you don’t want to take the efforts or the time to set up some kind of protective mechanism in your access point, its definitely insecure!
But what might actually surprise you is, even if you have taken the basic protective measures, your network might still be insecure! (But not as insecure as the above case for sure 🙂 ).
When a home user / small business user buys an access point, what do they do to secure their network initially? Enable encryption – Set a pass-code to access their network, set up MAC Filtering (and) hide their SSID – Right?
All of these methods can be broken and your Wi-Fi network can be hacked within no time by using free to download software tools on the Internet! But the time taken and efforts needed to break each of them is different.
When you set up your Wi-Fi network to accept only certain MAC addresses (permanent hardware addresses assigned by manufacturer) without enabling any form of encryption, people can get into your network in no time. Ok, the next-door casual browsing person may not be able to, but any IT aware guy who knows how to search in Goolge can break into your network! Well, that brings in a lot of people inside the scope, doesn’t it?
The issue with MAC address filtering tables is, certain management frames are exchanged between your access point and your PC and they can be easily captured by using some freely available software tools like kismet or netstumbler. They can capture and expose information like SSID Name (Network name), MAC address, IP address, etc. So, all the hacker has to do is to come to a location near your house, capture some packets, identify your MAC address and SSID, change his Laptop MAC address accordingly, and connect to your access point. Its that simple!
Disabling SSID broadcast is a good step, but again the SSID information can always be gained by people who know how to scan / sniff a Wi-Fi network.
Assuming that you enable encryption, if you enable WEP encryption (because you have connectivity problems with other forms of encryption), people can easily crack this encryption within a couple of minutes, as long as they are within the range of your wireless network!
So, there are two more types of encryption – WPA/WPA2-PSK & WPA-Enterprise. The first one is easy to implement and is quite secure for a small office/ home office. But remember,
- WPA/WPA2-PSK Encryption can also be hacked. Its only more difficult.
- The SSID Name and the Passcode-key you select for your network should be complex. Especially the later. People scanning your network might try to break-in by guessing the passcode using automated dictionaries. More complex the pass-code, longer it takes to break the encryption. Of course, in most cases it may not be possible to determine your pass-code key this way.
- One pass-code is shared among multiple users in this method. This is fine as long as you trust them, but if they leak their pass-codes to the guy next door or it accidentally reaches them, it becomes impossible to trace if only authorized users are using your network.
- The pass-codes are generally remembered by the user computers, so if the computer is stolen or accidentally falls in the wrong hands, they can use it to gain access to the network.
The WPA-Enterprise method of encryption is much more secure and virtually impossible to break. But the disadvantage is, it is quite hard to implement. In this method, a digital certificate is configured in each computer that wants to access the Wi-Fi network and individual User-name / Password is given to each user. So, users must generally pass both these steps successfully to connect to the wireless network. In case if you routinely deal with sensitive information in your wireless network, its best to implement the WPA-Enterprise method of encryption.
The next step (or) a simpler method of implementing the WPA-Enterprise is to buy a Wireless Controller and let it manage all the access points in your premises. The Wireless controller can act as a radius server and can enforce security policies. Of course, there are so many other things that a Wireless Controller can do. Some small Wireless Controllers might be affordable for your business, just check it out. So, how secure is your wireless network?
You could stay up to date on the various computer networking / related IT technologies by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’