Ask Leo! by Leo A. Notenboom

Wireless Encryption: do I need it?

Summary: Wireless Encryption is somewhat mysterious. Wireless encryption is something you likely need to keep your network, and your data, secure.

I recently installed a wireless network so I can use my laptop in other areas of my house. I'm a little confused regarding its security. Should I enable encryption or is my firewall enough? I understand from what I have read that encryption will slow down the network.

There are some exceptions, but more often than not, yes, you need encryption.

A firewall gives you a certain type of very important protection - but not against the types of issues that a wireless network opens up.

Your firewall protects you from intruders at the point where the firewall sits. For example, if you're using a router as your firewall, it prevents certain types of attacks from the internet from ever reaching the machines on your local area network. A software firewall, such as ZoneAlarm, does the same kind of thing at your machine's network connection: it prevents other machines from exploiting vulnerabilities on your system to infect or otherwise compromise it.

That's very different than encrypting your wireless connection. There are two issues that remain unresolved: wireless access could allow anyone to connect to your network, and even worse, once on your local network they can start looking at the data you're sending out on the net.

Even with a firewall, if your wireless connection is not encrypted, you're operating the equivalent of a free public-access hotspot. Anyone within range could start using your internet connection without your permission. In fact, anything they choose to do could look like it was coming from your IP address.

What's worse is that anyone in range who's connected to your network can run freely available software that can monitor your network activity. They can see your unencrypted data go back and forth - often including your account names and passwords. While your "https" connections are probably safe - they're separately encrypted - your email and email login, for example, probably aren't.

Unless you encrypt. Encryption using WPA (do not use WEP - it's now easily cracked) prevents people without the password from attaching to your network.
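To check which of your own access points still fall into the "open" or "WEP" cases described above, here is an added example (not part of the original article) that classifies Wi-Fi scan results. It assumes the terse `SSID:SECURITY` output of `nmcli -t -f SSID,SECURITY device wifi list`; the sample scan, the network names, and the function names are constructed for illustration.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Assumed format: one "SSID:SECURITY" record per line, with ":" and "\" inside
# a value backslash-escaped; an open network has an empty (or "--") SECURITY.
SAMPLE_SCAN = r"""HomeNet:WPA2
Cafe\: Free WiFi:
OldRouter:WEP
Upstairs:WPA1 WPA2
Garage:--
"""

ADVICE = {
    "open": "no encryption: anyone in range can join and watch unencrypted traffic",
    "wep": "WEP: easily cracked, switch to WPA",
    "wpa": "WPA: only holders of the password can attach",
    "unknown": "unrecognised security field, check the router settings",
}

def split_terse(line):
    """Split one record on unescaped ':' and undo the backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character is taken literally
            i += 2
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map a SECURITY field to 'open', 'wep', 'wpa' or 'unknown'."""
    modes = set(security.upper().split()) - {"--"}
    if not modes:
        return "open"
    if any(m.startswith("WPA") for m in modes):
        return "wpa"  # any WPA-family mode counts as WPA here
    return "wep" if "WEP" in modes else "unknown"

def audit(scan_text):
    """Return [(ssid, category)] for every non-empty scan line."""
    rows = [split_terse(l) for l in scan_text.splitlines() if l.strip()]
    return [(r[0], classify(r[1] if len(r) > 1 else "")) for r in rows]

def needs_action(scan_text, my_ssids):
    """List (ssid, advice) for your own networks that are open or on WEP."""
    return [(s, ADVICE[k]) for s, k in audit(scan_text)
            if s in my_ssids and k in ("open", "wep")]
```

Pass `needs_action` the SSIDs you own; an empty list means none of them is open or on WEP.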

Now I said there are exceptions. I can think of two.

You might actually, intentionally, want to set up a free open access WiFi hotspot. Then, indeed, you probably don't want encryption on the wireless connection because you want anyone in range to be able to connect. Each individual using the network will have to do the right things themselves to make sure that they are safe. This is exactly the danger of a free WiFi hotspot.

Note that I keep saying "anyone in range" - that's the second exception - if you can ensure that no one can actually get in range, then there's no real need to encrypt. Perhaps you live in the middle of a multi-acre parcel of property. The only way someone could get in range (typically within 100 meters) is to actually come on to your property where you'd notice them.

And one last thing: while encryption does, technically, probably slow things down a little, I'd be shocked if you noticed any difference. And besides, the security is more important.

Article C2768 - August 24, 2006

Recent Comments
5 Comments

How does encryption affect online gaming?

Posted by: Tim Larkin at August 25, 2006 6:53 AM

Some thoughts:
WEP is useless as real encryption (but can serve as a "marker" saying "this is not the access point you're looking for. move along."). Hacked in under 5 minutes at last DefCon, iirc.
WPA seems to be OK for now (last I checked).

Old routers slowed down significantly (~5Mb/s -> 1.2 Mb/s) when WEP was enabled, but I don't know how the current generation fares.

You could also do what I do -- the WiFi access point is on the *public* side of the firewall (so I have 2 firewalls -- the WiFi firewall, and then the inner firewall (also a WRT54G, but the radio is turned off)); the public can get to the internet without problems, but to get to the inside network (except for the Laserjet 4), you have to VPN into the "inner network". That makes setting up games a little more interesting if you're on the "inner network"; I keep USB WiFi fobs around to make things easier (plug it in, and you can get on the outer network without a fuss).

Tim:
At my friend's house, we used WiFi + encryption and we were OK playing WOW / GuildWars / HL2, but to get that level of performance (8 guests), we had to get one of the routers with MIMO capability, otherwise it seemed like the HL2 dude was hogging the connection (and we would get laggy when playing with GuildWars).

He was using MAC filtering and WEP-64.

Posted by: Thor Johnson at August 28, 2006 7:58 AM

Do I still need encryption if I have restricted access to named PCs/Macs only? I have disabled SSID broadcasting (so no one can see the router) and given access only to my two laptops - do I still need to use WEP or WPA?

Posted by: Kurt at November 24, 2006 6:25 AM

Yes. Another computer in range could still be "sniffing" your traffic.

Posted by: Leo Notenboom at November 24, 2006 8:47 AM

I enabled WPA-PSK and my connection slowed down and sometimes I even couldn't connect to the network, and also my ping in Call of Duty was big. Now I disabled it and performance is much better, but also sometimes connection slows down.

Posted by: jerka at March 24, 2008 2:25 PM
