WiFi Security Setup Guide


Types of Encryption

  • WEP (Wired Equivalent Privacy) WEP encryption was first ratified by the IEEE in 1999. It used a weakened implementation of the RC4 stream cipher. The available key lengths were advertised as 64-bit and 128-bit, giving users a perceived level of security that they were used to seeing. Many people found solace in the familiarity; however, the WEP key lengths were misrepresented, as both versions of the key included a 24-bit initialization vector (IV), making the actual key lengths 40 bits and 104 bits.

  • WPA (WiFi Protected Access) WPA encryption was created to fix the problems evident in WEP. WPA uses a form of the RC4 stream cipher (a less flawed form than WEP's), and also an integrated form of user authentication, which was almost completely absent from the original WEP spec. It uses the Temporal Key Integrity Protocol (TKIP), a hashing algorithm, to encode and verify the integrity of the data. It also uses a public-key encryption system called Extensible Authentication Protocol (EAP) to allow only authorized users access to a WiFi network. WPA was a temporary fix to the problems inherent in WEP encryption. WPA2, or 802.11i, is the official security standard, and it was ratified fairly recently (June 2004).

  • WPA2 (WiFi Protected Access 2) or 802.11i WPA2 is the full and official implementation of the security measures needed to fix all the flaws of WEP. Ratified in June of 2004, only more recent network hardware comes equipped to handle WPA2. Using the Advanced Encryption Standard (AES) block cipher instead of the RC4 stream cipher, WPA2 is right away more difficult to defeat. On top of the AES cipher, WPA2 uses 802.1x authentication using EAP and an authentication server, Robust Security Network (RSN) to log and learn from associations, and Counter Mode with CBC-MAC Protocol (CCMP) to verify data integrity and source. Combined, these pieces make a very formidable whole against any potential WiFi thieves.

Encryption Weaknesses

  • WEP There were several large technical faults built into WEP, but the implementation of WEP was flawed as well. WEP encryption is off by default, so often it was simply never turned on by those setting up their own networks. Also, WEP encryption had no provisions built into it for key rotation, so users were always transmitting using the same single key. This made cracking WEP even easier. The technical faults of WEP were numerous; the most glaring were:

    • The Initialization Vector (IV) was the first 24 bits of the packet being transmitted. Thanks to a flaw in the RC4 stream cipher, specifically the key scheduling algorithm, the IV was sometimes transmitted in the clear (unencrypted). If a cracker were so inclined, they could "listen" to packets coming out of a client, and after enough IVs had been collected they could crunch the numbers and crack the WEP cipher.

    • After the discovery of the statistically weak, and therefore interesting, packets with unencrypted IVs, most manufacturers changed their firmware to filter out the IVs that would lead to cracking the key. Because of this, the tools being used to crack WEP keys became useless, that is, until a new statistical attack was devised that did not need the weak IVs to function. It still took advantage of weaknesses surrounding the key scheduling algorithm, but this new attack needs only half as many packets as the weak IV method.


  • WPA The WPA implementation was much more effective than WEP at keeping prying eyes from wireless data. There were still weaknesses, however. It was discovered that a user-generated passphrase for WPA was easier to guess than initially thought. The Pairwise Master Key (PMK), that is, the key used to encrypt the data, is derived from the user-generated passphrase, the network SSID, the length of the SSID, and a randomly chosen value. This data was then hashed 4,096 times to create a key 256 bits long. The problem was that a majority of the data was readily available, making the parts that weren't that much easier to guess. Several people devised brute-force dictionary attacks to guess the passphrase used to generate the key. In the end it was determined that passphrases made up of fewer than 20 characters were not very effective at defeating interested parties.
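    The passphrase-to-PMK derivation described above is PBKDF2 with HMAC-SHA1 as defined in 802.11i (the SSID is the salt, 4,096 iterations, 256 bits of output). The following Python is an added example, not code from the original guide or from any vendor: it spells the derivation out step by step, cross-checks it against the standard library, and checks the result against the "password"/"IEEE" test vector published in the 802.11i annex. The candidate-space arithmetic at the end is there to show why the guide's 20-character advice matters: everything but the passphrase is public, so the guessing work is set entirely by the passphrase.

```python
import hashlib
import hmac
import struct

# 802.11i maps a passphrase to the 256-bit PMK with PBKDF2-HMAC-SHA1: the SSID is
# the salt, 4096 iterations, 32 bytes of output. SSID and iteration count are
# public, so the passphrase is the only secret input to this function.
PMK_ITERATIONS = 4096
PMK_LENGTH = 32


def _pbkdf2_block(passphrase: bytes, salt: bytes, index: int) -> bytes:
    """One PBKDF2 output block: 4096 chained HMAC-SHA1 values, XORed together."""
    u = hmac.new(passphrase, salt + struct.pack(">I", index), hashlib.sha1).digest()
    acc = bytearray(u)
    for _ in range(PMK_ITERATIONS - 1):
        u = hmac.new(passphrase, u, hashlib.sha1).digest()
        acc = bytearray(a ^ b for a, b in zip(acc, u))
    return bytes(acc)


def derive_pmk_manual(passphrase: str, ssid: str) -> bytes:
    """Spelled-out derivation: SHA-1 yields 20 bytes per block, so two blocks
    are computed and the concatenation is cut to 32 bytes."""
    p, s = passphrase.encode("ascii"), ssid.encode("utf-8")
    return (_pbkdf2_block(p, s, 1) + _pbkdf2_block(p, s, 2))[:PMK_LENGTH]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """The same derivation through the standard library, used as a cross-check."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PMK_ITERATIONS, PMK_LENGTH)


def hmac_evaluations_per_guess() -> int:
    """Cost of testing one candidate passphrase: two blocks of 4096 HMACs each."""
    return 2 * PMK_ITERATIONS


def guess_space(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search over a character set must cover."""
    return alphabet_size ** length


if __name__ == "__main__":
    # "password" / "IEEE" is the test vector from the 802.11i annex.
    pmk = derive_pmk("password", "IEEE")
    assert pmk == derive_pmk_manual("password", "IEEE")
    print("PMK for 'password' on SSID 'IEEE':", pmk.hex())
    # The same passphrase on another SSID gives an unrelated PMK: the SSID acts
    # as a salt, so any precomputed table only applies to the SSID it was built for.
    print("same passphrase on SSID 'IEEE2':  ", derive_pmk("password", "IEEE2").hex())
    for name, size, length in (("8 lowercase letters", 26, 8),
                               ("20 letters and digits", 62, 20)):
        print(f"{name}: {guess_space(size, length):.2e} candidates, "
              f"{hmac_evaluations_per_guess()} HMAC-SHA1 evaluations each")
```

The manual version is deliberately slow (about 8,000 HMAC calls per passphrase in pure Python); that slowness is the point of the 4,096 iterations, and it is why a long random passphrase, rather than a dictionary word, is what makes the derivation expensive to attack.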

  • WPA2 WPA2 lacks the key-encryption problems that WPA suffered from, thanks to the evolution of its key scheduling and client authentication algorithms. As it is relatively new, no large holes are evident in WPA2, but you can be sure that eventually someone will discover a weakness. It is likely that said weakness will take far more work to exploit than the past problems, so if you are on the lookout for new wireless hardware, you would do well to ensure that you are buying WPA2-compliant hardware.

Security Auditing Tools

  • NetStumbler (Windows)

    NetStumbler is a program used for finding, mapping, and probing WiFi networks.
  • Kismet (Linux)

    Kismet serves a similar function as NetStumbler, though it also includes packet analyzing tools for intrusion and penetration testing.
  • KisMAC (Mac OSX)

    KisMAC is another network finding tool, again including some tools that go beyond simple detection.
  • AirSnort (Linux)

    AirSnort is an encryption key recovery tool. It analyzes packets and attempts to recover the data from the available information.
  • Aircrack (Linux/Windows)

    Aircrack is a toolset for capturing and decrypting encrypted packets. Excellent network integrity tool.
  • WepLab (Linux, Windows)

    WepLab is a toolset designed to both test network integrity and teach users how WEP works, its various vulnerabilities, and how best to secure your network using WEP.
  • coWPAtty (Linux)

    A tool for testing WPA vulnerabilities.

Common Security Usage

Despite some indications to the contrary, there is a difference between security and encryption. Security involves taking what are normally common-sense precautions to prevent interested parties from accessing your data. Encryption is a form or subset of security. This section eschews encryption entirely to focus on what precautions you can take besides simply encrypting your data.
  • Focus your signal

    In a standard wireless network the Access Point uses an omnidirectional antenna, shooting signal in every direction for a limited distance. If you know where your client computers are and also that they won't be moving very much (if at all), then you can do several things to ensure that signal is only going where it needs to be:
    • Replace the omnidirectional antenna with a directional or sector antenna.
    • Use a signal shield or attenuator to force the omni antenna to be directional.

    Remember, even if your data is encrypted, there are still packets flying in every direction, and, as has been discussed, the way network encryption is cracked is by capturing and inspecting packets. The fewer packets in the air where they don't need to be, the harder it will be to crack your network.
  • Change your network key

    Even with automatic key rotation and scheduling in WPA and WPA2, changing your network passphrase every so often is a good idea.
  • Conduct random log surveys

    Occasionally logging into your Access Point to see which devices are connected and checking your logs for device names that you don't recognize is a good way to passively test your own network.
  • Filter by MAC address

    Filtering connections by MAC address can ensure that unwanted devices are not connecting to your network.
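    The log survey and MAC filtering items above both come down to comparing what the Access Point has seen against an inventory of devices you expect. The Python below is an added example (not code from the guide or from any AP vendor) that does that comparison over a constructed sample in the column layout of a dnsmasq leases file (expiry, MAC, IP, hostname, client-id); the lease lines and the inventory are made up for the example, and your own AP's log format will differ. It normalizes MAC addresses before comparing them, since vendors write them with different separators and case, flags MACs absent from the inventory, and separately flags known MACs that appear under an unexpected hostname.

```python
import re
from dataclasses import dataclass

# Constructed sample in the column layout of a dnsmasq leases file
# (expiry epoch, MAC, IP, hostname, client-id). Not captured from a real AP.
SAMPLE_LEASES = """\
1717000000 00:11:22:33:44:55 192.168.1.10 office-desktop 01:00:11:22:33:44:55
1717000300 aa:bb:cc:dd:ee:ff 192.168.1.11 laptop-flynn 01:aa:bb:cc:dd:ee:ff
1717000600 de:ad:be:ef:00:01 192.168.1.12 android-7f3a *
1717000900 00:11:22:33:44:55 192.168.1.10 office-desktop 01:00:11:22:33:44:55
1717001200 aa:bb:cc:dd:ee:ff 192.168.1.11 unknown-host 01:aa:bb:cc:dd:ee:ff
"""

# The administrator's own inventory (constructed). Mixed separators and case on
# purpose: every vendor writes MACs differently, so comparisons must normalize.
KNOWN_DEVICES = {
    "00-11-22-33-44-55": "office-desktop",
    "AA:BB:CC:DD:EE:FF": "laptop-flynn",
}

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonical lowercase, colon-separated form, whatever separators were used."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str


def parse_leases(text: str) -> list:
    """One lease per line; the trailing client-id column is not needed here."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        leases.append(Lease(normalize_mac(fields[1]), fields[2], fields[3]))
    return leases


def unknown_devices(leases: list, known: dict) -> list:
    """Leases whose MAC is absent from the inventory, reported once per MAC."""
    allowed = {normalize_mac(m) for m in known}
    seen, result = set(), []
    for lease in leases:
        if lease.mac not in allowed and lease.mac not in seen:
            seen.add(lease.mac)
            result.append(lease)
    return result


def renamed_devices(leases: list, known: dict) -> list:
    """Known MACs that showed up under a hostname other than the recorded one."""
    expected = {normalize_mac(m): name for m, name in known.items()}
    return [l for l in leases
            if l.mac in expected and l.hostname != expected[l.mac]]


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    for l in unknown_devices(leases, KNOWN_DEVICES):
        print(f"UNKNOWN  {l.mac}  {l.ip}  {l.hostname}")
    for l in renamed_devices(leases, KNOWN_DEVICES):
        print(f"RENAMED  {l.mac}  {l.ip}  now '{l.hostname}'")
```

The normalized inventory is exactly what an AP's MAC filter needs as input, so the same file can feed both the survey and the filter. Keep in mind that MAC addresses travel unencrypted in frame headers and can be set in software on most adapters, so treat the filter as hygiene that keeps casual devices off the network, and rely on encryption for actual protection.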

Enabling the software-based security features
Making a guide for enabling things like MAC filtering and log viewing can be a difficult proposition, as the menu options vary between manufacturers. Looking up any of these software-related options in your manual or on the manufacturer's website should yield enough information on how to enable and use the options in your Access Point.

Common Encryption Usage

Common conventions for using encryption are good insofar as enabling it goes; however, when choosing a passphrase for your network, it is best to be as unique as possible. Randomly choosing a combination of numbers and letters is a good way to ensure that dictionary attacks will not work on your network. Also, choosing passphrases of secure length, at least 20 characters, can help ensure that your passphrase is not quickly cracked. WEP keys usually must be a certain length depending on what bit-length key you want to use, which is another inherent weakness in the implementation of WEP. Some manufacturers use their own algorithms for allowing a client to use a passphrase of any length, which is then parsed into an acceptable key length for WEP to use. WPA and WPA2 allow you to use key lengths that are much longer.
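The following Python is an added example, not code from the guide or from any vendor, that turns the advice above into something you can run: it generates a random letters-and-digits passphrase of the recommended 20 characters from the operating system's secure random source, estimates the entropy of any passphrase from the character classes it uses, and checks a passphrase against the guide's rules (the 8 to 63 printable ASCII limits come from 802.11i; the short wordlist standing in for a dictionary is constructed for the example). It also reports the key size a WEP key's length implies, since WEP only accepts 10 or 26 hex digits (or 5 or 13 ASCII characters), which is the fixed-length limitation the paragraph describes.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
RECOMMENDED_LENGTH = 20                   # the guide's "at least 20 characters"
WPA_MIN_LENGTH, WPA_MAX_LENGTH = 8, 63    # 802.11i passphrase bounds (printable ASCII)
# WEP keys are fixed-size: 40-bit keys are 10 hex digits or 5 ASCII characters,
# 104-bit keys are 26 hex digits or 13 ASCII characters.
WEP_HEX_LENGTHS = {10: 40, 26: 104}
WEP_ASCII_LENGTHS = {5: 40, 13: 104}
# Constructed stand-in for a dictionary-attack wordlist.
COMMON_WORDS = ("password", "wireless", "internet", "linksys", "default")


def generate_passphrase(length: int = RECOMMENDED_LENGTH) -> str:
    """Random letters and digits from the OS CSPRNG, retried until both appear."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if any(c.isdigit() for c in candidate) and any(c.isalpha() for c in candidate):
            return candidate


def entropy_bits(passphrase: str) -> float:
    """Upper-bound estimate: length times log2 of the character pool actually used."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # the remaining printable ASCII characters
    return len(passphrase) * math.log2(pool) if pool else 0.0


def check_wpa_passphrase(passphrase: str) -> list:
    """Findings against the guide's advice; an empty list means it passes."""
    findings = []
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (WPA_MIN_LENGTH <= len(passphrase) <= WPA_MAX_LENGTH and printable):
        findings.append("not a valid WPA passphrase (8-63 printable ASCII characters)")
    if len(passphrase) < RECOMMENDED_LENGTH:
        findings.append(f"shorter than {RECOMMENDED_LENGTH} characters")
    lowered = passphrase.lower()
    for word in COMMON_WORDS:
        if word in lowered:
            findings.append(f"contains dictionary word '{word}'")
    has_digit = any(c.isdigit() for c in passphrase)
    has_alpha = any(c.isalpha() for c in passphrase)
    if not (has_digit and has_alpha):
        findings.append("does not mix letters and digits")
    return findings


def wep_key_bits(key: str):
    """Key size implied by a WEP key's length, or None if no WEP size fits."""
    if len(key) in WEP_HEX_LENGTHS and all(c in string.hexdigits for c in key):
        return WEP_HEX_LENGTHS[len(key)]
    return WEP_ASCII_LENGTHS.get(len(key))


if __name__ == "__main__":
    new = generate_passphrase()
    print(f"generated: {new}  (~{entropy_bits(new):.0f} bits)  findings: {check_wpa_passphrase(new)}")
    for sample in ("password2004", "short", new):
        print(f"{sample!r}: {check_wpa_passphrase(sample)}")
    for key in ("0123456789", "0123456789abcdef0123456789", "hello", "abcdefghij"):
        print(f"WEP key {key!r}: {wep_key_bits(key)} bits")
```

A 20-character passphrase drawn from 62 symbols carries roughly 119 bits by this estimate, far beyond what a dictionary or exhaustive search reaches, whereas a dictionary word with a year appended gets flagged on two counts. Some manufacturers' tools do not accept pasted passphrases, so when generating one this way, confirm that the same string was entered on both the Access Point and every client.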

Enabling encryption
Again, how you enable encryption can be different from manufacturer to manufacturer, though the menu options should look fairly similar. Generally, enabling encryption is one of the first options you see when you enter an AP's configuration utility. More advanced options can be found under an "Advanced" or "Security" tab.


Written by Flynn Martin for DataPro International Inc.
Unauthorized duplication strictly prohibited.