
Wireless Encryption: do I need it?

Question:

I recently installed a wireless network so I can use my laptop in other
areas of my house. I’m a little confused regarding its security. Should I
enable encryption or is my firewall enough? I understand from what I have read
that encryption will slow down the network.

There are some exceptions, but more often than not, yes, you need
encryption.

A firewall gives you a certain type of very important protection – but not
against the types of issues that a wireless network opens up.


Your firewall protects you from intruders up to the point where the
firewall sits. For example, if you’re using a router as your firewall, then
it’s preventing certain types of attacks from the internet from ever reaching
the machines on your local area network. If you’re using a software firewall,
such as ZoneAlarm, it’s doing the same kind of thing at your machine’s network
connection: it’s preventing other machines from exploiting vulnerabilities on
your system to infect or otherwise compromise it.

That’s very different from encrypting your wireless connection. A firewall
leaves two issues unresolved: wireless access could allow anyone to
connect to your network, and even worse, once on your local network they can
start looking at the data you’re sending out on the net.

Even with a firewall, if your wireless connection is not encrypted, you’re
operating the equivalent of a free public-access hotspot. Anyone within range
could start using your internet connection without your permission. In fact,
anything they choose to do could look like it was coming from your IP
address.


What’s worse is that anyone in range who’s connected to your network can
run freely available software that can monitor your network activity. They can
see your unencrypted data go back and forth – often including your account
names and passwords. While your “https” connections are probably safe – they’re
separately encrypted – your email and email login, for example, probably
aren’t.

Unless you encrypt. Encryption using WPA (do not use WEP – it’s now easily cracked) prevents people without the
password from attaching to your network.
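
As an added example (not part of the original article), here is a small Python check that applies this advice to a Wi-Fi scan listing and flags networks that are open or still on WEP. The sample input is constructed in the format printed by `nmcli -t -f SSID,SECURITY device wifi list`; the function names are illustrative.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output
# (terse mode: fields separated by ':', literal ':' and '\' are backslash-escaped).
SAMPLE_SCAN = r"""HomeNet:WPA2
CoffeeShop Free:
OldRouter:WEP
Lab\:5GHz:WPA1 WPA2
:WPA2
"""

def split_terse(line):
    """Split one terse nmcli line on unescaped ':' and undo the escaping."""
    fields, cur, escaped = [], [], False
    for ch in line:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    tokens = security.split()
    if not tokens or tokens == ["--"]:
        return "open"   # no encryption: anyone in range can join and watch traffic
    if any(t.startswith("WPA") for t in tokens):
        return "wpa"    # what the article recommends
    if "WEP" in tokens:
        return "wep"    # encrypted in name only: easily cracked
    return "other"      # e.g. 802.1X alone; review by hand

def audit(scan_text):
    """Return (ssid, verdict) for every network that is open or WEP-only."""
    findings = []
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) == 2 and classify(fields[1]) in ("open", "wep"):
            findings.append((fields[0] or "<hidden>", classify(fields[1])))
    return findings

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid}: {verdict} - switch this access point to WPA")
```
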

Now I said there are exceptions. I can think of two.

You might actually, intentionally, want to set up a free open access WiFi
hotspot. Then, indeed, you probably don’t want encryption on the wireless
connection because you want anyone in range to be able to connect. Each
individual using the network will have to do the right things themselves to
make sure that they are safe. This is exactly the danger of a free WiFi
hotspot.

Note that I keep saying “anyone in range” – that’s the second exception. If
you can ensure that no one can actually get in range, then there’s no real need
to encrypt. Perhaps you live in the middle of a multi-acre parcel of property.
The only way someone could get in range (typically within 100 meters) is to
actually come onto your property, where you’d notice them.

And one last thing: while encryption does, technically, probably slow things down a little,
I’d be shocked if you noticed any difference. And besides, the security is more important.


7 comments on “Wireless Encryption: do I need it?”

  1. Some thoughts:
    WEP is useless as real encryption (but can serve as a “marker” saying “this is not the access point you’re looking for. move along.”). Hacked in under 5 minutes at last DefCon, iirc.
    WPA seems to be OK for now (last I checked).

    Old routers slowed down significantly (~5Mb/s -> 1.2 Mb/s) when WEP was enabled, but I don’t know how the current generation fares.

    You could also do what I do — the WiFi access point is on the *public* side of the firewall (so I have 2 firewalls — the WiFi firewall, and then the inner firewall (also a WRT54G, but the radio is turned off)); the public can get to the internet without problems, but to get to the inside network (except for the Laserjet 4), you have to VPN into the “inner network”. That makes setting up games a little more interesting if you’re on the “inner network”; I keep USB WiFi fobs around to make things easier (plug it in, and you can get on the outer network without a fuss).

    Tim:
    At my friend’s house, we used WiFi + encryption and we were OK playing WOW / GuildWars / HL2, but to get that level of performance (8 guests), we had to get one of the routers with MIMO capability, otherwise it seemed like the HL2 dude was hogging the connection (and we would get laggy when playing with GuildWars).

    He was using MAC filtering and WEP-64.

  2. Do I still need encryption if I have restricted access to named PCs/Macs only? I have disabled SSID broadcasting (so no one can see the router) and given access only to my two laptops – do I still need to use WEP or WPA?

  3. I enabled WPA-PSK and my connection slowed down and sometimes I couldn’t even connect to the network, and also my ping in Call of Duty was big. Now I disabled it and performance is much better, but the connection also sometimes slows down.

  4. I happened to come across this thread by chance (first time I’ve heard of this site), and I thought I’d post a comment, even if it is pretty old.

    kurt: while you probably won’t see this, for anyone that is thinking the same question: yes, you should enable encryption even if you limit the router to your devices only and disable broadcasting. People can still grab data packets you’re sending to your router; these packets can be parsed to grab the router info needed and your MAC address. Then it’s just a case of someone spoofing their own MAC address to clone yours and voilà, access granted.

    @jerka: any encryption will slow down the network; the act of encryption requires CPU cycles and therefore will take longer. However, the speed difference should always be negligible. If it is causing serious problems and you can guarantee a good signal (no less than 80% if you’re playing games), then I imagine either your router is old and needs upgrading, the router’s firmware hasn’t been fully tested by the creators of it, your own WiFi card has problems, or there’s some other sort of bug (obviously). There’s no clear-cut resolution, so always take a process-of-elimination approach. If possible, try taking the device to a friend’s house and use their encrypted and working WiFi network; this for a start will tell you if it’s your router or your device(s).

    @leo: you mention in your thread,

    “The only way someone could get in range (typically within 100 meters) is to actually come on to your property where you’d notice them.”

    This isn’t technically correct; you can connect to WiFi networks from a much larger range than that. In fact, when I was doing a little RF research I managed to create a WiFi aerial using a booster pack and an old Sky parabolic dish. I could connect with an 85% signal to my grandmother’s house over 5 miles away using that, at only 20% of the booster’s power being used. Now, with so many things similar to this commercially available, and with free spec sheets for anyone who wants to do it themselves, relying on a distance factor is not advised.

    All in all though, a very nice article; always nice to see someone who specifically tells people not to use WEP.
