Alphabet Soup: What are WEP and WPA?
Wi-Fi is a technology that seems perfectly suited for small businesses: It frees up employees from the constraints of wires so they can be more productive, both in the office and on the road. But because Wi-Fi sends your data through the airwaves where unintended recipients can intercept it, it’s critical that you implement some kind of wireless security.
The two prevailing security protocols are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), but which is more effective to protect your business? You might have run across these two acronyms when first setting up your business router -- but they are far from interchangeable.
WEP can leave you vulnerable
WEP was the original wireless security standard. But it didn’t take security experts long to discover that WEP was full of loopholes that were easy for a skilled hacker to exploit. WEP doesn’t offer authentication, which verifies that a device or person joining a network is actually who or what that device purports to be. The encryption isn’t very strong. In addition, the key -- a shared string of characters that enables the sending machine to encrypt data and the receiving machine to decrypt it -- never changes, unless you change it manually. So once a hacker figures out your key, he has the key to your kingdom. Even worse, hackers have created software tools that allow just about anyone, skilled or unskilled, to break through WEP protection. So WEP is actually nowhere near as secure as it is being wired.
“While WEP is better than nothing, it’s flawed and it’s been known to be flawed for a long time,” says Karen Hanley, senior director of marketing and membership at the Wi-Fi Alliance, a nonprofit organization that drives adoption of Wi-Fi standards.
A November 2006 report from Gartner Inc., the Stamford, Conn. research group, says that WEP leaves your business network vulnerable. “Avoid use on company networks, because vulnerabilities and cracking tools have been published. If WEP must be used, it should be configured for 128-bit encryption, and passwords must have a high degree of entropy," Gartner analyst John Pescadore writes. In other words, passwords should contain as many characters as possible, use special characters and a mix of upper- and lower-case letters, and contain no repeats or strings of characters that might be found in the dictionary.
WPA2 is the strongest security available today
WPA was released in 2003 to sew up WEP’s loopholes. WPA was the top Wi-Fi security choice until 2004, when WPA2 was released. WPA2, which is based on the IEEE 802.11i standard, is now the strongest security available -- stronger than its previous generation because it uses advanced encryption.
“It’s really strong security, and some would say that it means that wireless can be as secure as wired,” Hanley says.
In WPA and WPA2, a new encryption key is sent for every packet that is broadcast. So if a hacker manages to intercept and decipher the key in one packet, it will be useless when he tries to use it to decrypt the next packet because the network already will have generated a new key that invalidates the old one. WPA encryption is stronger than WEP encryption, and WPA2 encryption is stronger still. In fact, Gartner now recommends that all new wireless network purchases for company offices be capable of supporting WPA2. But most small business owners don’t need to worry about the details of how WPA2 works -- just that it works.
WPA and WPA2 are the best choices for small businesses
There’s no question that Wi-Fi has the potential to boost your company’s productivity and make data sharing more efficient. But as more government regulations require companies to protect customer data and other digital information -- or pay steep fines -- Wi-Fi security is not an area of the business in which you can skimp.
To simplify your search for the right equipment, look the Wi-Fi Alliance’s “Wi-Fi Certified” seal on nearly 700 products that have been tested and proven to implement WPA2. Setting up security on your network equipment is not overly complicated, but services such as Geek Squad and Firedog can do the job for you for a fee. In addition, the Wi-Fi Alliance soon will offer Wi-Fi Protected Setup, a program that it says will simplify wireless security setup for consumers and small business owners.
Whatever you do, just remember that the default security on most devices is no security at all.
“You have to turn it on,” Hanley says. “It’s a little like the seatbelts in your car: They’re great at saving lives but not if you’re not wearing them.”