Helping people with computers... one answer at a time.

Wireless Encryption is somewhat mysterious. Wireless encryption is something you likely need to keep your network, and your data, secure.

I recently installed a wireless network so I can use my laptop in other areas of my house. I'm a little confused regarding its security. Should I enable encryption or is my firewall enough? I understand from what I have read that encryption will slow down the network.

There are some exceptions, but more often than not, yes, you need encryption.

A firewall gives you certain type of very important protection - but not against the types of issues that a wireless network opens up.

Your firewall is protecting you from intruders up to the point that the firewall lives. For example if you're using a router as your firewall, then it's preventing certain types of attacks from the internet from ever reaching the machines on your local area network. If you're using a software firewall, such as ZoneAlarm, it's doing the same kind of thing, at your machine's network connection. It's preventing machines from exploiting vulnerabilities on your system to infect or otherwise compromise your system.

That's very different than encrypting your wireless connection. There are two issues that remain unresolved: wireless access could allow anyone to connect to your network, and even worse, once on your local network they can start looking at the data you're sending out on the net.

Even with a firewall, if your wireless connection is not encrypted, you're operating the equivalent of a free public-access hotspot. Anyone within range could start using your internet connection without your permission. In fact, anything they chose to do could look like it was coming from your IP address.

"...if your wireless connection is not encrypted, you're operating the equivalent of a free public-access hotspot."

What's worse, is that anyone in range who's connected to your network can run freely available software that can monitor your network activity. They can see your unencrypted data go back and forth - often including your account names and passwords. While your "https" connections are probably safe - they're separately encrypted - your email and email login, for example, probably isn't.

Unless you encrypt. Encryption using WPA (do not use WEP - it's now easily cracked) prevents people without the password from attaching to your network.

Now I said there are exceptions. I can think of two.

You might actually, intentionally, want to set up a free open access WiFi hotspot. Then, indeed, you probably don't want encryption on the wireless connection because you want anyone in range to be able to connect. Each individual using the network will have to do the right things themselves to make sure that they are safe. This is exactly the danger of a free WiFi hotspot.

Note that I keep saying "anyone in range" - that's the second exception - if you can ensure that no one can actually get in range, then there's no real need to encrypt. Perhaps you live in the middle of a multi-acre parcel of property. The only way someone could get in range (typically within 100 meters) is to actually come on to your property where you'd notice them.

And one last thing: while encryption does, technically, probably slow things down a little, I'd be shocked if you noticed any difference. And besides, the security is more improtant.

Article C2768 - August 24, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

7 Comments
Tim Larkin
August 25, 2006 6:53 AM

How does encryption effect online gaming?

Thor Johnson
August 28, 2006 7:58 AM

Some thoughts:
WEP is useless as real encryption (but can serve as a "marker" saying "this is not the access point you're looking for. move along."). Hacked in under 5 minutes at last DefCon, iirc.
WPA seems to be OK for now (last I checked).

Old routers slowed down significantly (~5Mb/s -> 1.2 Mb/s) when WEP was enabled, but I don't know how the current generation fares.

You could also do what I do -- the WiFi access point is on the *public* side of the firewall (so I have 2 firewalls -- the WiFi firewall, and then the inner firewall (also a WRT54G, but the radio is turned off); the public can get to the internet without problems, but to get to the inside network (except for the Laserjet 4), you have to VPN into the "inner network". That makes setting up games a little more interesting if you're on the "inner network"; I keep USB WiFi fobs around to make things easier (plug it in, and you can get on the outer network without a fuss).

Tim:
At my friend's house, we used WiFi + encryption and we were OK playing WOW / GuildWars / HL2, but to get that level of performance (8 guests), we had to get one of the routers with MIMO capability, otherwise it seemed like the HL2 dude was hogging the connection (and we would get laggy when playing with GuildWars).

He was using MAC filtering and WEP-64.

Kurt
November 24, 2006 6:25 AM

Do I still need encryption if I have restricted access to named PC's/Mac's only? I have disabled SSID broadcasting (so no one can see the router) and given access only to my two laptops - do I still need to use WEP or WPA?

Leo Notenboom
November 24, 2006 8:47 AM

Yes. Another computer in range could still be "sniffing" your traffic.

jerka
March 24, 2008 2:25 PM

I enabled WPA-PSK and my connection slowed down and sometimes I even couldn't connect to the network, and also my ping in call of duty was big. Now I disabled it and performance is much better, but also sometimes connection slows down.

lee
December 10, 2009 10:48 AM

i happened to come across this thread by chance (first time ive heard of this site). and i thought id post a comment, even if it is pretty old.

kurt: while you probably wont see this, for anyone that is thinking the same question.. yes you should enable encryption even if you limit the router to your devices only and disable broadcasting. People can still grab data packets your sending to your router, these packets can be parsed to grab the router info needed and your mac addy. then its just a case of someone spoofing there own mac address to clone yours and viola, access granted.

@jerka: any encryption will slow down the network, the act of encryption requires cpu cycles and therefore will take longer. However the speed difference should always be negligible, if it is causing serious problems and you can guarantee a good signal (no less than 80% if your playing games) then i imagine either your roter is old and needs upgrading, the routers firmware hasnt been full tested by the creators of it, your own wifi card has problems or theres some other sort of bug (obviously). Theres no clear cut resolution so always take a process of elimination approach, if possible try taking the device to a friends house and use their encrypted and working wifi network, this for a start will tell you if its your router or your device(s).

@leo: you mention in your thread,

"The only way someone could get in range (typically within 100 meters) is to actually come on to your property where you'd notice them."

This isnt technically correct, you can connect to wifi networks from a much larger range than that. In fact when i was doing a little RF research i managed to create a wifi aerial using a booster pack and an old sky parabol dish, i could connect with a 85% signal to my grandmothers house over 5 miles away using that at only 20% of the boosters power being used. Now with so many things similar to this commercially available, and with free spec sheets for anyone who wants to do it themselves relying on a distance factor is not advised.

All in all though a very nice article, always nice to see someone who specifically tells people not to use wep.

philip
April 15, 2010 7:16 PM

I travel a lot, how do I keep my laptop secure when accessing the internet, or sending files, while at hotels with wireless systems? Is there software I can put on my laptop?

This article covers what you need to consider: How do I stay safe in an internet cafe?
Leo
17-Apr-2010

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.