Is it time to throw away your wireless router ?

I am dedicating the first post to a subject that combines two of my favourite topics of interest, Networking and Security. A large number of small business owners have wireless routers at the Office. The ease of setup and the benefits of mobility have made these devices a very popular technology choice for SMBs. Not to mention the cost savings when you choose to bypass the installation of network jacks in all the convenient places in the office.

Taking the laptop home for catching up on work and the flexibility of unplugged internet has made wireless networking one of the fastest growing markets for home use as well. I have seen the number of wireless networks quadruple in my neighborhood in the last three years, most of them running weak security and some even Wide Open.  Most of these are running one of three most common security algorithms WEP, WPA or WPA2.

Which brings me to the point of this post. What if any security are you running on your wireless router ? Do you even know or care ?  WEP (Wired Equivalent Privacy) is over 10 years old and provides very weak and unacceptable security. WPA (WiFi Protected Access) was introduced in 2003 as an interim step to address the security flaws of WEP and now WPA2 is the recommended choice.

WEP at this point is as close to having no security at all. It has become relatively easy to crack WEP security and in a very short time we will see WEP cracking utilities that require no technical expertise on the crackers part.  A search on You-Tube for WEP cracking came up with over 200 videos.

Most WEP based wireless networks can be cracked in less than 10 minutes, and the last weak line of defense in the case of a wireless network becomes the firewall and anti-spyware software running on the PC itself which a lot of times is not up to date or may have been disabled. With the bad guys getting craftier at collecting and using the plethora of corporate and personal information accessed through the web, WPA with a strong password is the minimum that should be running for home use. If you are a business that handles and transmits personal and credit card information over their networks WPA2 or VPN over wireless is an absolute must.

For those of you who would like to read more, I  found interesting information on the state of wireless security on the Radojo and  Roer security blogs along with WIRED Magazine and BBC news.

Start by checking on manufacturers support site to see if your router and wireless network card support WPA and WPA2. If your router is a few years old chances are that you can run both WPA and WPA2. For older devices you may be able to run WPA with a firmware upgrade. If all of this sounds like too much effort then it is time to head down to the local Best Buy or Future Shop and pick up a brand new router that comes with a setup wizard. Make sure to choose WPA2 and start surfing your favourite sites with the assurance that you are protected with the best wireless security algorithm that money can buy which amounts to less than 100 bucks.