WEP "Wired Equivalent Privacy" was part of the original wireless specifications, so almost all hardware supports it. Unfortunately it is also fairly insecure. Hackers can easily find out the password and then do anything they want with your network. The software for doing this is widely available.
WPA "Wifi Protected Access" is a modified version of WEP, which changes the effective key quite often. It is much more secure than WEP.
As of Sept 31, 2003, all new 802.11b and g hardware that is tested for Wi-Fi certification must implement WPA. Thus WPA should now be fairly widely available.
WPA2 is a second-generation implementation, based on new encryption technology. The original WPA used the WEP encryption, improved by frequent key changes. In contrast, WPA2 is based on new encryption technology, the Advanced Encryption Standard (AES). Certification for WPA2 started in September 2004. As of March 13, 2006, all equipment using the WiFi trademark must be certified for WPA2.
It is possible to mix WPA and WPA2 clients on a single network. As long as the access point supports WPA2 mixed mode, systems that support WPA2 will use AES and older systems will use WPA (except for broadcast or multicast traffic).
Wireless networking makes it easy for users to access the Internet and local services, but presents many dangers, some of which are much more than theoretical nuisances. Some hackers practice "wireless dumpster diving" by driving around scanning for open wireless nodes, and then making these nodes public, thus possibly providing free wireless internet access. If a wireless network uses WEP encryption, freely available tools, such as WEPCrack, can often discover the WEP encryption keys.
Wireless networking presents two primary security issues: Access Control and Privacy.
To provide good wireless security, you will need to adopt solutions that cover both Access Control and Privacy. Some wireless security attempts address only one, others address both.
The original wireless encryption standard, Wired Equivalent Privacy (WEP), was intended to make wireless networks as secure as wired networks. Originally, WEP used a 40-bit key for the symmetric, byte-oriented stream cipher RC4. A 3-byte initialization vector was prepended to this key, effectively producing a 64-bit key. Vendors also supported a 104-bit key, which together with the 3-byte initialization vector made a 128-bit key for RC4.
In 2005, the FBI demonstrated how they could use publicly available tools to break a WEP encrypted network in three minutes. In 2007, the PTW WEP hack enabled its developers to break WEP security in only two minutes. This hack prompted all security professionals to declare WEP a high security risk.
After gaining illicit access to the internal wireless networks of these retailers, the hackers stole credit and debit card numbers. The credit card numbers, together with other private information, like passwords and account data, were sold to other criminals from the U.S. and some Eastern European countries. In order to make the numbers usable at any ATM, the hackers encrypted them on blank cards. The money transfers were performed via certain Eastern European bank accounts, which made them go unnoticed for quite a long time.
After their actions were discovered, the 11 men were charged with "computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy" for their participation in the scheme. "So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said US Attorney General Mukasey.
The exact amount of money that was withdrawn from ATMs was not disclosed by the officials. They offered, instead, some information regarding the maximum penalty the defendants risk being sentenced to. If convicted on all charges, at least some of the leaders of the network face life in prison.
The bottom line for WEP is, "If a cracker can receive packets on a network, it is only a matter of time until the WEP encryption keys will be discovered."
Wi-Fi Protected Access (WPA) is a software/firmware improvement over WEP. All regular WLAN equipment that worked with WEP is able to use updated WPA drivers, so no new equipment needs to be bought. WPA is a trimmed-down version of the 802.11i security standard that was developed by the Wi-Fi Alliance to replace WEP. The TKIP encryption algorithm was developed for WPA to provide improvements to WEP that could be fielded as firmware upgrades to existing 802.11 devices. The WPA profile also provides optional support for the AES-CCMP algorithm, which is the preferred algorithm in 802.11i and WPA2.
WPA Enterprise provides RADIUS-based authentication using 802.1X. WPA Personal uses a Pre-Shared Key (PSK) to establish the security using an 8 to 63 character passphrase. The PSK may also be entered as a 64 character hexadecimal string. Weak PSK passphrases can be broken using off-line dictionary attacks by capturing the messages in the four-way exchange when the client reconnects after being deauthenticated. Wireless suites such as aircrack-ng can crack a weak passphrase in less than a minute. Other WEP/WPA crackers are AirSnort and Auditor Security Collection.[9] Still, WPA Personal is secure when used with 'good' passphrases or a full 64-character hexadecimal key.
Erik Tews, who created the fragmentation attack against WEP, revealed a way of breaking the WPA TKIP implementation at Tokyo's PacSec security conference in November 2008. Tews' method cracked WPA encryption on a packet in 12–15 minutes.
These hacks into WEP and WPA have all been realized because of the manner in which the RC4 algorithm was set up. Clearly something newer and safer needed to be developed. That has become known as WPA2, which uses the newer Advanced Encryption Standard (AES) algorithm. So far, no hacks have been found against WPA2.
The only problem you might have implementing WPA2 comes from the fact that not all wireless cards support WPA2. Everything produced during 2008 or later does support WPA2, but this could easily become a problem when you try to roll out WPA2 on a fleet of machines, some purchased before 2008.
WEP does not handle key management at all. Either the WEP key must be manually given to end users or distributed with some other authentication method. WEP is a shared key system, so the Wireless Access Point (WAP) uses the same key as all the clients, and the clients also share the same key with each other. To learn this key, a cracker would only have to compromise the key from a single user. If enough wireless traffic can be intercepted, then WEP's encryption key can be found out by a brute force attack in a few hours.
Normally, when you add a single bit to an encryption key's length, you double the number of keys, which would require twice as long to crack the key using a brute force method. The WEP implementation is such that RC4's key strength only grows linearly and not exponentially with increased key length. Thus the longer, 104-bit key doesn't provide any significant protection over the original 40-bit key against a determined hacker. As might be expected, wireless hackers have been busy, and now we have WEPCrack to facilitate the cracking process.
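The paragraphs above describe WEP's construction: a 24-bit IV sent in the clear, prepended to a shared RC4 key that every client holds. The following is an added example (not code from the original page): a minimal model of that per-packet keying in Python, used to show why IV reuse is fatal (two frames with the same IV share a keystream, so XORing their ciphertexts exposes the XOR of the plaintexts without any key) and a small monitoring check that counts repeated IVs in a capture. The RC4 routine and the IV||key layout follow the standard; the 40-bit key, IV values and frame contents are constructed sample data, and the CRC-32 ICV that real WEP appends is omitted.

```python
# Added example: model of WEP per-packet keying (IV || shared key -> RC4).
# Sample key, IVs and frame payloads below are constructed, not captured data.
from collections import Counter
from typing import Dict, List, Optional


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + PRGA); returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then plaintext XOR RC4(IV || key).
    Shared key is 5 bytes (40-bit WEP) or 13 bytes (104-bit WEP)."""
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("WEP needs a 3-byte IV and a 5- or 13-byte key")
    ks = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Decryption is the same XOR with the keystream rebuilt from the visible IV."""
    return wep_encrypt(shared_key, frame[:3], frame[3:])[3:]


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Demonstrates the weakness: if two frames carry the same IV they were
    encrypted with the same keystream, so ciphertext_a XOR ciphertext_b equals
    plaintext_a XOR plaintext_b. Returns that XOR, or None if the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    n = min(len(frame_a), len(frame_b)) - 3
    return bytes(a ^ b for a, b in zip(frame_a[3:3 + n], frame_b[3:3 + n]))


def repeated_ivs(frames: List[bytes]) -> Dict[bytes, int]:
    """Monitoring check: IVs that appear more than once in a set of frames.
    With only 2^24 IVs, a busy network recycles them; any repeat means
    keystream reuse on that link."""
    counts = Counter(f[:3] for f in frames)
    return {iv: c for iv, c in counts.items() if c > 1}


# Constructed sample: one 40-bit key, two frames that reuse IV 0x000001.
KEY = bytes.fromhex("0123456789")
P1 = b"GET /index.html "
P2 = b"POST /login.php "
F1 = wep_encrypt(KEY, b"\x00\x00\x01", P1)
F2 = wep_encrypt(KEY, b"\x00\x00\x01", P2)
F3 = wep_encrypt(KEY, b"\x00\x00\x02", P1)

if __name__ == "__main__":
    leak = keystream_reuse_leak(F1, F2)
    print("XOR of plaintexts recovered with no key:",
          leak == bytes(a ^ b for a, b in zip(P1, P2)))
    print("Reused IVs in sample capture:", repeated_ivs([F1, F2, F3]))
```

Note that `repeated_ivs` needs only the first three bytes of each frame, which are transmitted unencrypted, so a passive sensor on the WLAN can run this check without holding the WEP key.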
WPA and WPA2 can be used in two modes: WPA Personal, with a pre-shared key, and WPA Enterprise, with 802.1X/RADIUS authentication.
A few installations use MAC address checks for access control and end-to-end encryption for privacy. While this probably meets some requirements for good Wireless Security, it runs into problems with managing MAC addresses on lots of different systems. Thus, to get good Wireless Security, use one of the two approaches listed above.
WPA and WEP provide both access control and privacy. Privacy comes from the encryption. Access control comes from the fact that someone must know the password to use your network.
For this reason, for small networks, using WPA is enough to meet the requirements of the Wireless policy. However you will still want to make sure that any services that use a password or other private information use SSL or some other type of end-to-end encryption.
It is critical to use a good password. There are attacks against WPA that will break your security if your password uses words or any other well-known sequences. WPA allows passwords as long as 63 characters. We strongly recommend using a long random password, or at the very least a long phrase (at least 20 characters, but preferably longer). The phrase should not be taken from any web site or published work. Most software saves the password, so you only need to type it once on each system.
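The passphrase advice above and the earlier description of WPA Personal (8 to 63 character passphrase, or a 64-character hexadecimal key) can be made concrete. The following is an added example, not code from the original page: it derives the 256-bit PSK the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations), accepts a raw 64-hex key directly, and checks a passphrase against the rules in the text (at least 20 characters, not built from well-known words). Because the PSK is a fixed function of passphrase and SSID, a captured four-way handshake lets guesses be tested offline, which is exactly why the passphrase's entropy is all that protects a WPA Personal network. The word list and the `generate_passphrase` helper are assumptions for illustration; the SSID and passphrase values are sample inputs.

```python
# Added example: WPA/WPA2 Personal PSK derivation and passphrase policy check.
# The derivation follows IEEE 802.11i; COMMON_WORDS is a constructed stand-in
# for a real dictionary, and generate_passphrase is a hypothetical helper.
import hashlib
import re
import secrets
import string
from typing import List

COMMON_WORDS = {"password", "letmein", "welcome", "wireless", "qwerty", "admin"}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), 4096, 32)


def psk_from_hex(hex_key: str) -> bytes:
    """A 64-hex-character key is the PSK itself; no passphrase, no PBKDF2,
    so there is nothing for a dictionary attack to guess."""
    if not re.fullmatch(r"[0-9a-fA-F]{64}", hex_key):
        raise ValueError("raw PSK must be exactly 64 hexadecimal characters")
    return bytes.fromhex(hex_key)


def check_passphrase(passphrase: str, min_len: int = 20) -> List[str]:
    """Return policy problems for a candidate passphrase (empty == acceptable)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    lowered = passphrase.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains well-known word '{word}'")
    if len(set(passphrase)) < 6:
        problems.append("too few distinct characters")
    return problems


def generate_passphrase(length: int = 32) -> str:
    """Hypothetical helper: a random passphrase of the recommended kind,
    drawn with the OS CSPRNG; software normally stores it after one entry."""
    alphabet = string.ascii_letters + string.digits + "!#%+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    print(check_passphrase("password123"))
    strong = generate_passphrase()
    print(strong, check_passphrase(strong))
```

Two things to take from running it: the same passphrase gives a different PSK on a different SSID, so a default or very common SSID lets precomputed tables be shared across networks, and a 64-hex key bypasses the passphrase-strength problem entirely at the cost of being impractical to type.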