Helping people with computers... one answer at a time.
Wireless Encryption is somewhat mysterious. Wireless encryption is something you likely need to keep your network, and your data, secure.
I recently installed a wireless network so I can use my laptop in other areas of my house. I'm a little confused regarding its security. Should I enable encryption or is my firewall enough? I understand from what I have read that encryption will slow down the network.
•
There are some exceptions, but more often than not, yes, you need encryption.
A firewall gives you certain type of very important protection - but not against the types of issues that a wireless network opens up.
•
Your firewall is protecting you from intruders up to the point that the firewall lives. For example if you're using a router as your firewall, then it's preventing certain types of attacks from the internet from ever reaching the machines on your local area network. If you're using a software firewall, such as ZoneAlarm, it's doing the same kind of thing, at your machine's network connection. It's preventing machines from exploiting vulnerabilities on your system to infect or otherwise compromise your system.
That's very different than encrypting your wireless connection. There are two issues that remain unresolved: wireless access could allow anyone to connect to your network, and even worse, once on your local network they can start looking at the data you're sending out on the net.
Even with a firewall, if your wireless connection is not encrypted, you're operating the equivalent of a free public-access hotspot. Anyone within range could start using your internet connection without your permission. In fact, anything they chose to do could look like it was coming from your IP address.
What's worse, is that anyone in range who's connected to your network can run freely available software that can monitor your network activity. They can see your unencrypted data go back and forth - often including your account names and passwords. While your "https" connections are probably safe - they're separately encrypted - your email and email login, for example, probably isn't.
Unless you encrypt. Encryption using WPA (do not use WEP - it's now easily cracked) prevents people without the password from attaching to your network.
Now I said there are exceptions. I can think of two.
You might actually, intentionally, want to set up a free open access WiFi hotspot. Then, indeed, you probably don't want encryption on the wireless connection because you want anyone in range to be able to connect. Each individual using the network will have to do the right things themselves to make sure that they are safe. This is exactly the danger of a free WiFi hotspot.
Note that I keep saying "anyone in range" - that's the second exception - if you can ensure that no one can actually get in range, then there's no real need to encrypt. Perhaps you live in the middle of a multi-acre parcel of property. The only way someone could get in range (typically within 100 meters) is to actually come on to your property where you'd notice them.
And one last thing: while encryption does, technically, probably slow things down a little, I'd be shocked if you noticed any difference. And besides, the security is more improtant.
Article C2768 - August 24, 2006
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Do I still need encryption if I have restricted access to named PC's/Mac's only? I have disabled SSID broadcasting (so no one can see the router) and given access only to my two laptops - do I still need to use WEP or WPA?
Posted by: Kurt at November 24, 2006 6:25 AMYes. Another computer in range could still be "sniffing" your traffic.
Posted by: Leo Notenboom at November 24, 2006 8:47 AMI enabled WPA-PSK and my connection slowed down and sometimes I even couldn't connect to the network, and also my ping in call of duty was big. Now I disabled it and performance is much better, but also sometimes connection slows down.
Posted by: jerka at March 24, 2008 2:25 PMi happened to come across this thread by chance (first time ive heard of this site). and i thought id post a comment, even if it is pretty old.
kurt: while you probably wont see this, for anyone that is thinking the same question.. yes you should enable encryption even if you limit the router to your devices only and disable broadcasting. People can still grab data packets your sending to your router, these packets can be parsed to grab the router info needed and your mac addy. then its just a case of someone spoofing there own mac address to clone yours and viola, access granted.
@jerka: any encryption will slow down the network, the act of encryption requires cpu cycles and therefore will take longer. However the speed difference should always be negligible, if it is causing serious problems and you can guarantee a good signal (no less than 80% if your playing games) then i imagine either your roter is old and needs upgrading, the routers firmware hasnt been full tested by the creators of it, your own wifi card has problems or theres some other sort of bug (obviously). Theres no clear cut resolution so always take a process of elimination approach, if possible try taking the device to a friends house and use their encrypted and working wifi network, this for a start will tell you if its your router or your device(s).
@leo: you mention in your thread,
"The only way someone could get in range (typically within 100 meters) is to actually come on to your property where you'd notice them."
This isnt technically correct, you can connect to wifi networks from a much larger range than that. In fact when i was doing a little RF research i managed to create a wifi aerial using a booster pack and an old sky parabol dish, i could connect with a 85% signal to my grandmothers house over 5 miles away using that at only 20% of the boosters power being used. Now with so many things similar to this commercially available, and with free spec sheets for anyone who wants to do it themselves relying on a distance factor is not advised.
All in all though a very nice article, always nice to see someone who specifically tells people not to use wep.
Posted by: lee at December 10, 2009 10:48 AMI travel a lot, how do I keep my laptop secure when accessing the internet, or sending files, while at hotels with wireless systems? Is there software I can put on my laptop?
17-Apr-2010
Posted by: philip at April 15, 2010 7:16 PM