WEP, WPA, WPA2, MAC Filtering
Miscellanea / November 13, 2021
By Guillem Alsina González, in Sep. 2017
When we connect to a wireless network (for example, our home Wi-Fi network), we often have to enter a password made up of letters and numbers to authenticate ourselves. What is the reason for these passwords? Why do they have this specific format?
Like any other service, access to Wi-Fi is protected by passwords, so that we can define who we want to let into our network and prevent access by everyone else.
From the very beginning of the IEEE 802.11 Wi-Fi standard, it has been possible to require a password to identify yourself to the system, using technologies that have evolved along with the use of Wi-Fi.
The first method was WEP, born in 1997 along with the Wi-Fi specification itself.
WEP (Wired Equivalent Privacy) uses a password of between 40 and 104 bits and, almost from the beginning, was the subject of controversy due to its lack of security.
Its main problem was that automated analysis of a good amount of network traffic could end up revealing the password, which is why tools that automated the attacks were quickly published.
The protocol's error correction is based on CRC (Cyclic Redundancy Check), which allows the information to be altered without knowledge of the key, since only a few bits need to be modified.
That is why WEP is currently deprecated, although routers and access points that still offer the option of setting a WEP password can be found.
A solution had to be found to the weaknesses that WEP presented, so in 2003 WPA was born.
WPA (Wi-Fi Protected Access) introduces a new element in the security equation: an authentication server.
This server works with a technology called RADIUS, which allows a password to be assigned per username, although in most cases a single password is used, since the group of users is very small. It also facilitates access to user accounts.
This is practical, for example, in companies, since it allows one worker's password to be revoked without having to change everyone else's passwords, which would be somewhat chaotic. This is what a RADIUS server is for.
The key rises to a total of 128 bits, with the possibility of dynamically changing the encryption keys while the network is in use. Thanks to this, it is able to avoid key recovery attacks based on analyzing large groups of packets, since by changing the key from time to time, the work already done on the hack is lost.
Compared with WEP, it also incorporates improved error correction, so that it is not possible to modify the information in each packet without knowing the key.
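The difference between WEP's CRC and a check that depends on a key, described in the paragraphs above, as an added example that is not part of the original article. HMAC-SHA-256 stands in for the keyed check (an assumption; WPA itself uses a different algorithm), and the keystream, key and payload are constructed for the demonstration.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    """Unkeyed CRC-32 checksum, the kind of check WEP appends to a frame."""
    return zlib.crc32(data).to_bytes(4, "little")

def tag(key: bytes, data: bytes) -> bytes:
    """Keyed check (HMAC stand-in, an assumption): needs a secret to compute."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def seal(keystream: bytes, data: bytes, check) -> bytes:
    """Append the check value, then XOR with the keystream (stream cipher)."""
    return xor(data + check(data), keystream)

def accepts(keystream: bytes, frame: bytes, check, n: int) -> bool:
    """Receiver side: decrypt, split off the n-byte check value, recompute it."""
    body = xor(frame, keystream)
    return hmac.compare_digest(check(body[:-n]), body[-n:])

def modify_without_key(frame: bytes, delta: bytes, n: int) -> bytes:
    """XOR delta into the data. For the 4-byte CRC the check field can be
    corrected with no secret, because for equal-length inputs
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros). A keyed tag has no such fix."""
    fix = xor(crc(delta), crc(bytes(len(delta)))) if n == 4 else bytes(n)
    return xor(frame, delta + fix)

def demo() -> dict:
    # All values below are constructed for the demonstration.
    keystream = hashlib.shake_256(b"constructed keystream").digest(64)
    mac_key = b"constructed integrity key"
    data = b"constructed frame payload"
    delta = bytes([0, 0, 0, 0x04]) + bytes(len(data) - 4)  # one flipped bit
    keyed = lambda d: tag(mac_key, d)
    crc_frame = modify_without_key(seal(keystream, data, crc), delta, 4)
    mac_frame = modify_without_key(seal(keystream, data, keyed), delta, 8)
    return {
        "crc_accepts_modified": accepts(keystream, crc_frame, crc, 4),
        "keyed_accepts_modified": accepts(keystream, mac_frame, keyed, 8),
        "payload_changed": xor(crc_frame, keystream)[:len(data)] != data,
    }

if __name__ == "__main__":
    print(demo())
```

The receiver accepts the altered frame when the check is a plain CRC and rejects it when the check depends on a key, which is the property a design review should look for in any integrity field.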
A 12-character WPA password is said to be secure and, although it is not invulnerable, the amount of computing power and time that must be invested to discover it makes the effort useless in many cases, as long as it meets the requirements of mixing letters and numbers, uppercase and lowercase.
While remaining vulnerable to certain attacks, WPA authentication greatly improves on WEP and makes it much more difficult for strangers to intrude into Wi-Fi networks. WPA2 protection further enhances some aspects of WPA.
WPA2 authentication (the acronym stands for exactly the same words) differs, basically, in its use of AES encryption (Advanced Encryption Standard).
Thanks to the use of AES (which replaces WPA's TKIP), a powerful encryption algorithm, the WPA2 authentication method can meet the security requirements of the United States government.
Not all devices are compatible with all authentication and security methods but, whenever possible, we should opt for WPA2 or WPA rather than WEP. To do so, we will have to work with the configuration of our router or access point.
Regardless of which of these methods we use, there is another thing we can do to secure our Wi-Fi connections as much as possible.
MAC filtering is an additional security measure for any Wi-Fi network, regardless of the technology used for the Wi-Fi password, and is based on allowing or denying the connection of each computer according to the identifier of its network card.
This identifier is the MAC (Media Access Control), a unique code made up of 48 bits, which is expressed in hexadecimal format (letters and numbers) and which allows the device to be uniquely identified worldwide.
On all routers and access points, we can establish a list of allowed MAC addresses, so that only those devices whose MAC appears in the list are admitted.