Which encryption is better for Wi-Fi. Traditional three -band

Wi-Fi network encryption, which method to choose?

The number of people who actively use the Internet is growing as on yeast: at work to solve corporate goals and administration, houses, in public places. Wi-Fi networks and equipment are distributed that allows you to freely gain Internet access.

Wi-Fi network has a sewn in the form of a password, not knowing which, it will be almost impossible to connect to a particular network, except for public networks (cafes, restaurants, shopping centers, access points on the streets). “Practically” should not be understood in the literal sense: craftsmen who can “open” the network and gain access not only to the router’s resource, but also to the data transmitted within a particular network, enough.

But in this introductory word, we talked about connecting to Wi-Fi-the user authentication (client), when the client device and access point find each other and confirm that they can communicate with each other.

• Open is an open network in which all connected devices are authorized immediately
• Shared. the authenticity of the connected device should be checked by the key/password
• EAP. the authenticity of the connected device must be checked by the EAP protocol by an external server

Router encryption: Methods and their characteristics

Encryption is a scramble algorithm (encramble. to encrypt, mix) transmitted data, change and generation of encryption key

For Wi-Fi equipment, various types of encryption were developed, which made it possible to protect the network from hacking, and data from general access.

To date, several encryption options are highlighted. Consider each of them in more detail.

The following types are distinguished and are the most common:

The first type, referred to as Open, all the information required for cognition contains in the title. To encrypt the data or protect network equipment, this mode will not allow, because the access point will be provided that this type of type is constantly open and accessible to all devices that it will be discovered. Minuses and vulnerabilities of this type of “encryption” are obvious.

If the network is open, this does not mean that anyone can work with it. To use such a network and transmit data in it, you need to coincide the encryption method used. And another condition for using such a network, the lack of a MAC filter that determines the user MAC address in order to recognize which devices is prohibited or allowed to use this network

The second type, he is WEP. It leaves roots in the 90s of the last century, being the ancestor of all subsequent types of encryption. WEP encryption today is the weakest of all existing options for organizing protection. Most modern routers created by specialists and take into account the interests of user privacy do not support WEP encryption.

Among the minuses, contrary to the fact of the presence of at least some protection (in comparison with Open), unreliability stands out: it is due to short-term protection, which is activated at certain time intervals. After this period, the password to your network can be easily selected, and the WEP key will be hacked up to 1 minute. This is due to the battleship of the WEP key, which depends on the characteristics of network equipment from 40 to 100 bits.

The vulnerability of the key key is the fact of transmitting password parts in conjunction with data packages. Interception of packages for a specialist. hacker or cracker. a task easy to implement. It is important to understand the fact that modern software tools can intercept data packages and are created specifically for this.

Thus, WEP encryption is the most unreliable way to protect your network and network equipment.

WPA, WPA2

Such varieties are the most modern and perfect from the point of view of the organization are sewn at the moment. There are no analogues to them. The ability to set any to the user convenient to the user and the digital combination of the WPA key makes life difficult to use to use a specific network or intercept the data of this network.

These standards support various encryption algorithms that can be transmitted after the interaction of TKIP and AES protocols. The AES encryption type is a more advanced protocol than TKIP, and most modern routers are supported and actively used.

WPA or WPA2 encryption is a preferred type for both home use and corporate. The latter makes it possible to apply two authentication modes: checking passwords for access to certain users to a common network is carried out, depending on the set settings, according to PSK or Enterprise mode.

PSK involves access to network equipment and Internet resources when using a single password, which is required to be entered when connecting to the router. This is a preferred option for a home network (local network), the connection of which is carried out in the framework of small areas with certain devices, for example: mobile, personal computer and laptop.

For companies with solid staff of employees, PSK is an insufficiently convenient authentication mode, therefore the second mode was developed. Enterprise. Its use makes it possible to use many keys, which will be stored on a special selected server.

Truly modern and unique technology-WPS, makes it possible to connect to a wireless network using one pressing button. It is pointless to think about passwords or keys, but it is worth highlighting and taking into account a number of serious disadvantages regarding the admission to networks with WPS.

Connection through such technology is carried out when using a key that includes 8 characters. The vulnerability of the type of encryption is as follows: it has a serious mistake that teshors or hackers allows access to the network if at least 4 digits from an eight.digit combination are available to them. The number of attempts to select a password is about several thousand, however, for modern software, this number is ridiculous. If you measure the WPS forcing process in time, then the process will take no more than a day.

It is worth noting the fact that this vulnerability is at the stage of improvement and is amenable to correction, therefore, in subsequent models of equipment with WPS mode, restrictions on the number of attempts to enter, which significantly complicated the task of unauthorized access for those interested in this.

Nevertheless, in order to increase the overall level of security, experienced users recommend fundamentally abandon the technology considered.

What do WEP, WPA and WPA2 mean. what to use

These wireless encryption protocols were created by Wi-Fi Alliance, the Association of Hundreds of Companies in the Wireless Technology industry. The first protocol created by the group was WIRED Equivalent Privacy, introduced in the late 1990s.

WEP, however, had serious security flaws and was replaced by WPA (Wi-Fi Protected Access). Despite the simplicity of hacking, WEP connections are still widely used and can give a false sense of security for many people who “protect” their networks using WEP.

The reason why WEP is still used, either because the network administrator has not changed safety settings on wireless routers, or because the device is outdated and therefore does not support more new encryption methods such as WPA.

Just as WPA replaced WEP, WPA2 replaced WPA as a more modern and reliable security protocol. WPA2 implements the latest security standards, including encryption of state.level data. Since 2006, all certified Wi-Fi products should use WPA2 security.

If you are looking for a new wireless card or device, make sure that it is marked as Wi-Fi Certified what to know that it complies with the latest security standard. For existing connections, make sure that your wireless network uses the WPA2 protocol, especially when transmitting confidential personal or business information.

Using WEP/WPA/WPA2 on the router

During the initial setting, most modern wireless access points and routers allow you to choose a security protocol for use. Although this is good, some people do not want to change standard settings.

The problem associated with the lack of changes in the default security protocol used by the router is that it can use WEP, which is unsafe. Or, even worse, the router can be completely open without any encryption or password.

If you set up your own network, be sure to use WPA2 or at least WPA.

Type 1. Open

As you already understood (and I just said), in fact, Open is the lack of any protection, t.e. Wi-Fi encryption is absent as a class, and you and your router are absolutely not engaged in the protection of the channel and transmitted data.

It is according to this principle that wired networks work. they do not have built.in protection and “crashing” into it or simply connecting to the hub/switch/router, the network adapter will receive packages of all the devices network in this segment in this segment.

However, with a wireless network, you can “crash” from any place-10-20-50 meters or larger, and the distance depends not only on the power of your transmitter, but also on the length of the hacker antenna. Therefore, the open data transfer via a wireless network is much more dangerous, because in fact your channel is available to everyone.

Type 2. WEP (WIRED EQUIVALENT Privacy)

One of the very first types of Wi-Fi encryption is WEP. I went out at the end of 90.x and is, at the moment, one of the weakest types of encryption.

In many modern routers, this type of encryption is completely excluded from the list of possible for choosing:

It should be avoided almost in the same way as open networks. it provides safety only for a short time, after which any transmission can be completely disclosed, regardless of the complexity of the password.

The situation is aggravated by the fact that passwords in WEP are either 40. or 104 bits that there is an extremely short combination and you can choose it in seconds (this is without taking into account errors in the encryption itself).

The main problem of WEP is the fundamental design error. WEP actually transfers several bytes of this key along with each data package.

Thus, regardless of the complexity of the key, it is possible to reveal any gear simply by having a sufficient number of intercepted packages (several tens of thousands, which is quite small for the actively used network).

The history of security protocols

The safety of the wireless network has changed over time to become more reliable, but at the same time easier in terms of its configuration. Since the appearance of Wi-Fi, we have gone from the WEP protocol to the WPA3 protocol. Let’s recall the history of the development of these security protocols.

Wired Equivalent Privacy (WEP)

The first security protocol was called Wired Equivalent Privacy or WEP. This protocol remained the security standard from 1999 to 2004. Although this version of the protocol was created to protect, however, it had a sufficiently mediocre level of security and was difficult to set up.

At that time, the import of cryptographic technologies was limited, which meant that many manufacturers could use only 64-bit encryption. This is a very low bit encryption compared to 128-bit or 256-bit options available today. Ultimately, the WEP protocol did not develop further.

Systems that still use WEP are not safe. If you have a system with WEP, it should be updated or replaced. When connecting to Wi-Fi, if the WEP protocol is used in the institution, then your Internet active will not be safe.

Wi-Fi Protected Access (WPA)

To improve the WEP functions in 2003, a Wi-Fi Proteded Access or WPA protocol was created. This improved protocol still had relatively low safety, but it was easier to set up. WPA, unlike WEP, uses the Temporary Integrity Protocol (TKIP) protocol for safer encryption.

Since Wi-Fi Alliance made a transition from WEP to a more advanced WPA protocol, they had to save some WEP elements so that the old devices were still compatible. Unfortunately, this means that such vulnerabilities as the Wi-Fi Protexted setup function, which can be hacked relatively easily, are still present in the updated version of WPA.

Wi-Fi Protected Access 2 (WPA2)

A year later, in 2004, a new version of the Wi-Fi Protected Access 2 protocol became available. WPA2 has a higher level of security, and it also is easier to configure compared to previous versions. The main difference in WPA2 is that it uses an improved encryption standard Advanced Encryption Standard (AES) instead of TKIP. AES is able to protect super-secret government information, so this is a good option for ensuring Wi-Fi safety at home or in the company.

The only noticeable vulnerability of WPA2 is that as soon as someone gets access to the network, it can attack other devices connected to this network. This may become a problem if the company has an internal threat, for example, an unfortunate employee who is able to hack other devices on the company’s network (or provide their devices for these purposes to professional hackers).

Wi-Fi Protected Access 3 (WPA3)

As vulnerabilities are detected, appropriate changes and improvements are made. In 2018, Wi-Fi Alliance introduced the new WPA3 protocol. As expected, this new version will have “new functions for simplifying Wi-Fi safety, ensuring more reliable authentication and increasing cryptographic stability for highly sensitive data”. The new WPA3 version is still being introduced, so the equipment certified to support WPA3 is not yet available for most people.

WPA against WPA2: How do they differ

WPA and WPA2 protocols are the most common security measures that are used to protect wireless Internet. Given this, we compared the difference between WPA and WPA2 so that you can choose the right option for your situation.

When comparing WPA and WPA2, the WPA2 protocol will be the best option if your device can support it.

Why is someone choosing WPA?

The WPA protocol has a less secure encryption method and requires a shorter password, which makes it a weaker option in terms of security. There is no corporate solution for WPA, since it is not safe enough to support use in companies. However, if you have an older software, WPA can be used with minimal computing power and this protocol can become a more acceptable option for you than the old WEP protocol.

Why is it better to choose WPA2?

WPA2 protocol. This is an updated version of WPA, which uses Aes encryption and long passwords to create a secure network. WPA2 has versions for personal and corporate use, which makes it the perfect option for both home users and enterprises. However, more computing power is required to work this protocol, therefore, if you have an old device, that protocol may work on it slowly or not to work at all.

Regardless of which option is best suited for you, it is important that you ensure safety to your device, correctly protecting your Wi-Fi connection. If your router does not support the safest encryption method, consider using VPN to encrypt your connection. Free VPN from Panda Security can help you safely and confidentially travel on the Internet from anywhere in the world.

What is WPA2 and WPA3

WPA2 is the second version of the wireless security standard. Literally, the abbreviation is deciphered as Wi-Fi Protected Access-protected access to Wi-Fi. The standard includes a number of protocols and encryption algorithms.

WPA3 is a long.awaited update, which is still not enough, but is already found in the router market. Compared to the predecessor, I note the advantages:

• improved protection against password selection by vocabulary;
• data encryption, regardless of password;
• ensuring safe connection of smart equipment (refrigerators, TVs and.t.P.);
• Adding 192-bit encryption, which significantly increases the level of security.

AES or TKIP: which is better

AES and TKIP are encryption methods that are part of the WPA2 security standard. TKIP (protocol of the integrity of the temporary key) is more old. Uses a 128-bit key to encrypt data, which is equivalent to 500 billion possible variations. Despite the apparent impressive number, this is not the best indicator. In addition, there are some vulnerabilities that theoretically can allow hackers to decipher the key when intercepting a gross amount of traffic.

AES is deciphered as a symmetrical block encryption algorithm. It is a 128-bit, 192-bit or 256-bit block cipher, which has no vulnerabilities that TKIP has. Even a 128-bit cipher provides high reliability, since its decoding requires significant computing power and can go away several hundred years to decrypt.

That works faster

TKIP can slow down the Wi-Fi network, so most modern routers use WPA2-AES. For example, when encrypting WPA-TKIP, the maximum speed will not exceed 54 Mbit/s. While the standard 802.11ac with encryption WPA2-AES implies theoretically maximum speed of up to 3.46 Gbit/s.

So the choice is obvious. AES provides higher speed and better safety, which is trusted by the world’s largest organizations in their Wi-Fi networks.

PSK posting (Personal Security Key) to the standard deciphered as a personal security key and is recommended for use at home wireless networks.

ESK (Enterprise Security Key) is also found. a corporate changing key. If in the case of WPA2-PSK there will be one password for all connected devices, then when using WPA2-ESK for each device, its own key is issued, which usually also automatically changes after some time. The connection is not interrupted at the same time, and a separate authorization server is responsible for the distribution of personal keys. Radius.

How Wi-Fi works

Wi-Fi uses radio frequencies to transmit data. He uses the same principle as any other technologies working with electromagnetic waves, including the radio itself.

The broadcasting stations AM and FM use frequencies measured in megagers (MGC), Killers (KHC) or even below. Wi-Fi, on the other hand, uses much higher speeds measured in gigaigers (GHC).

In particular, Wi-Fi uses the frequencies of 2.4 GHz, 5 GHz, 6 GHz and (rarely used) 60 GHz. Below you will find additional information about this. However, in order to understand the frequencies, we need to know what Herz is, in particular, what is 1 hertz.

What is Herz?

Henry Hertz. a German physicist who convincingly proved the existence of electromagnetic waves at the end of the 19th century, what we now consider to be granted.

A unit of measurements was called in his Honor. Hertz. that is, the number of rowers of radio waves. or wave cycles. in 1 second.

Fill the bath with water. Wait for the surface to calm down. Now add a small rubber duck. Please note that waves spread out. Choose any. Calculate how many times the wave reaches the highest point in a second. If this is once, you will receive 1 hertz; twice means that you have 2 hertz and so on.

Okay, do not bother yourself with accurate calculations, this is too much, but you understand the idea.

Then it becomes a little heavier. This is because Wi-Fi uses frequencies in the GHz. For example, 5 GHz means that in a second the wave passes 5,000,000,000 crests. This is too much to calculate, so take my word for my word!

The higher the frequency, the lower the distance between the two consistent crests of the wave, which means the smaller length that the wave itself can pass. However, this also means that you can fit more information in it.

And this information moves between parts of the Wi-Fi equipment. Let’s find out what it is.

Wi-Fi networks

To use Wi-Fi, we need a signal transmitter and receiver. These are the two ends of the network connection. In particular, the first radiates Wi-Fi signals so that the latter captures them and form a wireless connection.

To do this, the broadcaster can make Wi-Fi with an open network so that any customers can connect to it, or a safe network in which only authorized customers can connect using a password. (Read more about this in the WPA Wi-Fi WPA section below.)

This mode, called “Infrastructure”, is the main way to use Wi-Fi: one broadcasting station can transmit a signal to several receivers, but the receiver can simultaneously connect to only one broadcasting station.

Technically, you can configure two techniques for connecting in “AD-HOC” mode. But this regime has little practical use.

As a rule, the Wi-Fi broadcaster is always called a wireless access point (WAP) or access point (AP) for brevity. However, more often you come across Wi-Fi routers. These are standard routers with built.in access points.

There is always a Wi-Fi adapter in the receiver. In most cases, you do not see a real adapter, since it is inside the device (laptop or smartphone) that you use. But if you have a computer without a built-in Wi-Fi (or Wi-Fi of the standard you need), you can quite easily add or update.

Device-a computer or a mobile phone-with a built-in Wi-Fi function is called a Wi-Fi client or simply Wi-Fi device.

All Wi-Fi receivers and receivers have antennas. If you do not see them, then they are hidden inside or mixed with other (metal) parts of the device.

When we have a broadcaster and receiver, the Wi-Fi connection speed depends on the Wi-Fi standard they use.

AES against TKIP

TKIP and AES are two different types of encryption that can be used by the Wi-Fi network.

TKIP is a more old encryption protocol introduced with WPA to replace the unprotected encryption of WEP. TKIP, in fact, is very similar to WEP shift. TKIP is no longer considered safe and belongs to obsolete.

In other words, you should not use TKIP.

AES is a safer encryption protocol introduced with WPA2. AES is not some hard standard designed specifically for Wi-Fi networks. This is a serious world encryption standard, which is used even by government institutions. For example, when you encrypt a hard drive using TrueCrypt, Aes encryption can be used for this.

AES is considered quite safe, and the main disadvantages may be the susceptibility to attack with rough force and safety violations in other aspects of WPA2.

A short explanation is that TKIP is an older encryption standard used in the old WPA. AES is a new Wi-Fi encryption solution used by a new and safe WPA2 standard. Theoretically, this is the end! But, depending on your router, the choice of WPA2 may not be a good solution.

Although WPA2 should use AES to ensure optimal safety, it can also use TKIP when reverse compatibility with outdated devices is needed. In this state, the devices supporting WPA2 will be connected to WPA2, and the WPA devices will be connected to WPA. Therefore, “WPA2” does not always mean wpa2-aes. However, on devices without a visible option “TKIP” or “AES” WPA2 is usually a synonym for WPA2-AES.

Wi-Fi security modes

Not yet confused? All you really need to do is choose one, the safest option in the list that works with your devices.

Here are the options that you will probably see on your router:

• Open (risky): There are no code phrases in open Wi-Fi networks. You should not configure the open-out Wi-Fi network-it’s like taking off the lock from the front door.
• WEP 64 (risky): the old standard of the WEP protocol is vulnerable, and you should not use it.
• WEP 128 (risky): This is the same WEP, but with a large encryption key size. In fact, it is so vulnerable as WEP 64.
• WPA-PSK (TKIP): The initial version of the WPA protocol is used (essentially WPA1). It was replaced by WPA2 and is not safe.
• WPA-PSK (AES): The original WPA protocol is used, but TKIP is replaced by more modern AES-shifting. It is proposed as an intermediate option: devices supporting AES almost always support WPA2, and devices requiring WPA will almost never support Aes encryption. Thus, this option makes little sense.
• WPA2-PSK (TKIP): A modern WPA2 standard with old TKIP encryption is used. This is unsafe and suitable if you have old devices that cannot connect to the WPA2-PSK network (AES).
• WPA2-PSK (AES): This is the safest option. He uses WPA2, the latest Wi-Fi encryption standard and the latest Aes encryption protocol. You must use this parameter. On some devices you will simply see the option “WPA2” or “WPA2-PSK”. If you do this, will probably use AES, as this is the choice of common sense.
• WPAWPA2-PSK (TKIP/AES): Some devices offer and even recommend this mixed mode option. This option allows you to use both WPA and WPA2, both TKIP and AES. This provides maximum compatibility with any ancient devices that you can have, but also allows attackers to penetrate your network, hacking the more vulnerable protocols WPA and TKIP.

WPA2 certification became available in 2004. Since 2006, WPA2 certification has become mandatory. Any device made after 2006 with the Wi-Fi logo must support WPA2 encryption.

Since your Wi-Fi devices are most likely not older than 10 years, you will not experience problems when choosing WPA2-PSK (AES). If the device stops working, you can always change it. Although, if your safety is important to you, it is better to buy a new device released after 2006.

What type of encryption to choose for Wi-Fi router?

At independent setting of the router The question often arises: what type of encryption Wi-Fi choose for a home router. It would seem a trifle, but with incorrect parameters, to the network mobile devices will stop connecting, And with the transmission of information on the Ethernet Cabel, problems may arise.

Therefore, here we will consider what types of data encryption are supported by modern Wi-Fi routers, and how the AES encryption type differs from the popular WPA and WPA2.

Type of encryption of wireless network: how to choose a protection method?

So, there are 3 types of encryption in total:

The type of encryption of WEP appeared in the distant 90s and was the first option for protecting Wi-Fi networks: it was positioned as an analogue of encryption in wire networks and used the RC4 code. There were three common algorithms for encryption of transmitted data. Neesus, Apple and MD5. but each of them did not provide the proper level of security. In 2004, IEEE announced the standard outdated due to the fact that it finally ceased to ensure the security of the network connection. At the moment, this type of encryption for Wi-Fi is not recommended, t.to. it is not crypto.resistant.

• 2. WPS is a standard that does not provide for use password for connecting to a wireless network. To connect to the router, just click on the corresponding button, which we talked about in detail in the article WPSOn the router: what is it.

Theoretically, WPS allows you to connect to the access point on the eight.digit code, but in practice only four are often enough.

This fact is calmly used by numerous hackers, which are quickly (in 3 to 15 hours) hack Wi-Fi networks, so it is also not recommended to use this connection.

Much better things are with WPA encryption. Instead of a vulnerable RC4 code, Aes encryption is used here, where password length is arbitrary (8. 63 bits). This type of encryption provides a normal security level, and is quite suitable for simple Wi-Fi routers. over, there are two of its varieties:

-type PSK (Pre-SHHARED KEY)-connection to the access point is carried out using a predetermined password Enterprise. the password for each node is generated automatically with a check on Radius servers.

WPA2 encryption type is a continuation of WPA with safety improvements. This protocol uses RSN, which is based on encryption AES.

Like WPA encryption, the WPA2 type has two operating modes: PSK and Enterprise.

Since 2006, the type of encryption of WPA2 has been supported by all Wi-Fi equipment, the corresponding geo can be selected for any router.

Advantages of WPA2 encryption in front of WPA:

How to get information about the type of network security

In Windows 10

• In the task panel, find a symbol of connection to Wi-Fi and mark it.
• After that, find the column “current wi-fi connections” and click the “Properties” tab.
• Enter the “Information about the connection of Wi-Fi”.
• Further. to the “Type of Security” department. It contains information about the wireless network.

In MacOS

• Click on “Option”.
• In the toolbar, mark the symbol “Wi-Fi”.
• After that, there will be information about the wireless network that you use, including the option of its protective regime.

In Android

• Enter the “Settings” on the smartphone.
• Find the Wi-Fi tab.
• Go to the line where your router is indicated, and study all its parameters.
• There you can also find out the type of wi-fi network protection mode.

The principle of action to access this window may have differences in various devices.

In the iPhone

In iOS, it is impossible to check the security mode Wi-Fi. To do this, you will have to use the PC or enter the settings of the router through another phone.

Each separate router model has certain differences. Therefore, it will be necessary to study the related documents to the apparatus. In the case when the router setup was carried out by a company providing communication services (provider), then you should consult it for advice.

Safety types on the router

Currently versions of Wi-Fi 802.11 “B” and “G”, with maximum speed parameters up to 54 megabits per second, are obsolete. For this reason, they are practically not applied. Modern technologies include 802.11 “N” and “AC” with a speed mode of more than three hundred megabits per second. The use of the protective method of WPA/PSK with the installation of the TKIP version is ineffective and meaningless.

When performing a wireless channel configuration, you need to configure the type of network security on laptops and other devices in factory settings mode: WPA2/PSK. AES.

The “auto” mode is also set in the format of encryption option, to try to connect the device, which has an outdated Wi-Fi adapter. The WPA network key (security key to enter the wireless communication system) is required to have at least 8 and no more than 32 signs, including the capital, lowercase letters of the English alphabet and other special designations.

TP-Link Wi-Fi Protection Settings

In updated versions of the TP-LINK software software, the encryption of encryption of the network system is located in the “Additional Settings” tab-“Wireless mode”. In obsolete devices, the Wi-Fi configuration menu is located in the “Wireless Main” window-“Protection”.

Safety on the Zyxel Keenetic router

It is necessary to find the item “network Wi-Fi”-“access point”.

In Keenetic devices, changing the options for encryption option Wireless Security can be in exile in the “home network”, finding it in the settings panel.

Configuration of the defense of the router D Link

You need to find the Wi-Fi tab and go to the column “Safety”. In it, set the selected type of regime.

From this description it becomes clear what WPA2, WEP, WPA, WPA2-PSK, AES and TKIP are. It is also clear that when installing the type of encryption to protect the Wi-Fi wireless network, you need to choose an option characterized by the greatest efficiency and reliability.

We briefly described the types of safety and encryption, what type you need to choose. If you need additional information, you can write in the Комментарии и мнения владельцев, or by e.mail by going into contacts. We will answer you quickly.