WiFi encryption

Introduction
WiFi networks usually need to be protected from unauthorised access. If they are not, bandwidth can be used by anyone who logs in for any purpose. Not only might this slow the whole network down if, for example, an unauthorised user was downloading films, they might be using the network for illegal or immoral purposes, which could be traced back to the WiFi owner! For this reason, Wireless Access Points (WAPs) are set up to send 

WEP / WPA / WPA2
When setting up a Wireless Access Point (WAP), it is important to ensure that the wireless signals used by the WAP are encrypted. That means that anyone who intercepts and captures the wireless signals is unable to understand what they are because the data has been scrambled using an encryption algorithm. The computers and other devices that are authorised to use the network, however, can descramble the signals. They can therefore connect to and use the network. There are three encryption methods in use.

    • WEP (Wired Equivalent Privacy). This form of encryption is still used on some networks, especially if the equipment is very old. However, you should understand that WEP is not secure. It is easily hacked into using tools that are freely available on the Internet. It should not be used if an alternative such as WPA or WPA2 is available, and if WEP is used, you should assume that it will not prevent data being stolen.
    • WPA (WiFi Protected Access). This requires the use of a key or password to get access to the network and uses a strong encryption algorithm. The longer and more complex the key, the harder it is to get unauthorised access.
    • WPA2. This is an improved version of WPA encryption and is much stronger than WPA. Unfortunately, not all equipment can use WPA2 encryption so WPA should be selected instead when this is the case.

Good passwords
Setting up a WAP using WPA and WPA2 requires the use of a key or password. This should be chosen so that it is not easy for someone to guess or discover using online tools. The longer and more complex it is, the better. If you search the Internet for 'What makes a good password', you can get all kinds of good advice but, generally speaking, passwords should include the following:

    • They should be at least 8 characters long, but ideally more.
    • They should include numbers, capital letters, lowercase letters and symbols.
    • They should not be a word found in any dictionary.
    • They should be changed regularly.
    • They could be generated using a password management application, which makes the process of creating complex passwords and remembering them easy. Examples of open source password managers include KeePass, Encryptr, Padlock and Password Safe.
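The rules above can be turned into a check and a generator. This is an added example, not part of the original page; the tiny word list, the symbol set and the function names are assumptions, and the 8 to 63 printable ASCII character limit is the range WPA/WPA2 personal mode accepts for a passphrase.

```python
import secrets
import string

# WPA/WPA2 personal mode accepts passphrases of 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
SYMBOLS = "!#$%&()*+-.:;<=>?@[]^_{}~"  # assumed symbol set for generated keys
# Tiny constructed word list standing in for a real dictionary file.
WORDLIST = {"password", "letmein", "wireless", "internet", "football"}

def check_passphrase(p, wordlist=WORDLIST):
    """Return the rules from the list above that this passphrase breaks."""
    problems = []
    if not MIN_LEN <= len(p) <= MAX_LEN:
        problems.append("length must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in p):
        problems.append("only printable ASCII is accepted")
    classes = {
        "a number": string.digits,
        "a capital letter": string.ascii_uppercase,
        "a lowercase letter": string.ascii_lowercase,
        "a symbol": string.punctuation + " ",
    }
    for name, chars in classes.items():
        if not any(c in chars for c in p):
            problems.append(f"missing {name}")
    # Strip digits and symbols from both ends so 'Password1!' is still caught.
    core = p.strip(string.digits + string.punctuation).lower()
    if core in wordlist:
        problems.append("based on a dictionary word")
    return problems

def generate_passphrase(length=20):
    """Random passphrase from the OS CSPRNG that passes check_passphrase."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be 8 to 63 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:  # retry until every character class is present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate

if __name__ == "__main__":
    print(check_passphrase("Password1!"))
    print(generate_passphrase())
```

A passphrase such as 'Password1!' meets the length and character rules but is still rejected, because it is a dictionary word with a digit and a symbol attached.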

Setting up an Access List
Sometimes, you want to be sure that only specific computing devices can use a network. Even if a potential hacker knows the password to a network, they will not be able to get access unless the device they are using is registered with the WAP. This is called an Access List. Every piece of hardware has a Media Access Control (MAC) address hardwired into its Network Interface Card. It might look something like this: a3:14:cd:b3:3e:26. This address is unique to that hardware device. The network administrator collects together all the MAC addresses of the devices that will be allowed to use the network, opens up the WAP administration software and finds the Access List section. They then enter all of the MAC addresses and save them. When a user who knows the correct password tries to get access to the network, the WAP will check the MAC address of the device against the Access List. If the device is allowed, it will get access. If not, it won't.

Access Lists are perfect for home networks and small businesses, where you can easily identify the devices that should be allowed to use the WiFi network. They may not be so useful for a network that constantly needs to let different users get access using their own equipment, such as in a hotspot. 
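The Access List check described above can be sketched in a few lines. This is an added example, not part of the original page and not any WAP vendor's code; the function names and the constructed entries are assumptions. It also audits the list for addresses whose first-octet flag bits mean they are not fixed, per-device hardware addresses.

```python
import re

# Constructed access list as typed into a WAP admin page; mixed formats are
# deliberate. The first entry is the sample address from the text above.
ACCESS_LIST = ["A3-14-CD-B3-3E-26", "00:1a:2b:3c:4d:5e", "9e1b.44a0.c7f2"]

def normalise_mac(text):
    """Return a MAC as lowercase colon-separated octets, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_access_list(entries):
    """Normalise every entry so later lookups ignore case and separators."""
    return {normalise_mac(e) for e in entries}

def is_allowed(mac, allowed):
    """The check the WAP performs: is this device's address in the list?"""
    try:
        return normalise_mac(mac) in allowed
    except ValueError:
        return False  # malformed addresses are never admitted

def audit_access_list(entries):
    """Return (entry, warning) pairs for entries that will not behave as a
    fixed, per-device hardware address."""
    warnings = []
    for entry in entries:
        try:
            first_octet = int(normalise_mac(entry)[:2], 16)
        except ValueError as exc:
            warnings.append((entry, str(exc)))
            continue
        if first_octet & 0x01:    # group bit: multicast, never a source address
            warnings.append((entry, "group address, no device sends from it"))
        elif first_octet & 0x02:  # local bit: assigned in software, not by the maker
            warnings.append((entry, "locally administered, may change per network"))
    return warnings

if __name__ == "__main__":
    allowed = build_access_list(ACCESS_LIST)
    print(is_allowed("a3:14:cd:b3:3e:26", allowed))
    for entry, warning in audit_access_list(ACCESS_LIST):
        print(entry, "->", warning)
```

The sample address a3:14:cd:b3:3e:26 shows the format correctly but has the group bit set, so the audit flags it. Entries with the local bit set are worth checking with the device owner, since many phones present a software-assigned address that differs from network to network.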

Hotspots
A hotspot is a place where you can get Internet access using WiFi. To use a hotspot, you connect to a wireless router, which has been set up by someone or a company who has paid an Internet Service Provider (ISP) for access to the Internet.

Unsecured hotspots
Hotspots come in various flavours. They can be 'open' or 'unsecured'. You just need to be within range of the wireless router (typically within 20-30 metres), select it from the list of available networks and you get connected without knowing a password. This might sound great - free access - but it comes with a serious set of security risks. The reason is that any data you send over an unsecured network (a network where you don't have to enter a password) is easily available for anyone with the right software to grab - and the software to do this is widely available on the Internet. So, for example, any photos you send or any email accounts you use can be easily seen by others. If you don't have some software called a Firewall set up properly on your connecting device, and you have 'file sharing' still turned on in your settings, it is also possible for someone to gain access to your hard disk. Just by connecting to an open network, you are opening yourself up to anyone else on that network! In addition, if you use someone's network without their permission, you may also be breaking the law.

Secured hotspots
Hotspots can be free but password protected. You have to be in range of the router and you need to know the password. Sometimes in a cafe, these are simply stuck to a wall for everyone to see and at other times, you have to ask the owner for the name of the network and the password. You then select the name of the network from the list that appears on your phone, tablet or laptop, for example, enter the password and you are connected. Sometimes, access is free but you have to set up an account, often using a mobile phone number to verify the account. You then get login and password details. Finally, there are hotspots where you have to pay. You pay a company a fee, usually by credit card, for so much access time. When you are within range of the company's router, you open up a browser, enter a login and password and you are connected, until your time runs out! With all public networks, there is a risk that your sensitive information can be grabbed by someone else. The same advice applies here as for unsecured networks. You should always use a Firewall and check that file sharing is disabled. Many people advise never to do any sensitive transactions over public networks, e.g. never do banking transactions. Browsing using a secure browser is also recommended.

Tethering
If you have two devices, one with 3G Internet access, e.g. a phone, and one without, e.g. a tablet with just WiFi, it is possible with many phones to set up a hotspot. This is called 'tethering'. Typically, you have to find a box to tick in your phone's settings that tells the phone to turn tethering on. You have to give your temporary hotspot a name and sometimes a password or passcode, although this is also sometimes automatically generated for you. Anyone within range of your phone can then see the name of your hotspot in their list of available wireless networks. As long as they have the password or passcode, they can get access to the Internet using your phone! You need to be careful, though. For one, they might use up your bandwidth very quickly and you will have to pay for more. You might also be breaking your phone provider's terms and conditions. For example, you may have a package that allows unlimited Internet access but they will state that tethering is not allowed to protect themselves from excessive downloads. Your phone company may suspend your account if it detects a sudden surge of data being downloaded.

Virtual Private Networks (VPNs)
Because of the very real security risks associated with using a hotspot, you should always assume that what you are doing can be seen by other people and be aware that you are potentially being hacked if you use a hotspot. You should never use a hotspot, for example, to access your online bank account details. However, you may need to do this when you are travelling abroad, for example. To ensure you are safe, you should set up a VPN. There are free ones but there are also paid ones that cost about £30 a year. Once registered, you download a special program. When you connect to a WiFi hotspot, the VPN software creates an encrypted 'tunnel' between you and your VPN provider. All communications to and from your device travel through this encrypted tunnel. Even if someone grabs your data using freely available software, it will be encrypted and therefore useless to them.
