With so much technical jargon in the field of Information Technology, and even more within the sub-field of Information Security, it can be difficult for an individual or small business owner to know what to look for when purchasing hardware for a wireless network.  In this article I’ll go over why you need to abandon the use of any system using WEP.  So here it is, WEP vs WPA.

WEP stands for "Wired Equivalent Privacy".  The thing that has always struck me as funny about "Wired Equivalent Privacy" is that it is an oxymoron.  There is no inherent privacy on a wired network.  Anyone with software designed to grab traffic off the wire, can see everything that is being sent and received on your wired network (unless you take additional measures to stop that, such as cryptography).

Because of flaws inherent in the WEP algorithm, it can be cracked with modern systems and freely available software in seconds to minutes.  During Wireless Penetration Tests, I have cracked WEP keys in fractions of a second!  WEP should not be in use today in any environment - even the home.  If your wireless router is a few years old, you may need to purchase a more up to date version to fix this issue.

If WEP is not an option, what should I be looking for?  Your wireless access point and your wireless adaptor in your computer should both support either WPA and/or WPA2.  WPA stands for "Wi-Fi Protected Access", and it is the current wireless security standard to protect wireless networks.

StarReviews Top 3 Web Hosting Reviews

1) IPower

2) PowWeb

3) Globat.com

Compare All Web Hosting Reviews

In addition to making sure your hardware supports WPA, it needs to be enabled.  Many personal and SOHO devices only offer a particular WPA implementation known as Pre-shared key mode, or "Personal mode".  This is a suitable level of security for most homes and small businesses, provided that the WPA pre-shared key (i.e. password) is made up of a truly random passphrase containing no less than 13 characters.  To take that security one step further, the SSID, which you can think of as your wireless access point’s station identification, should not be the same as any one of the 1000 SSIDs that exist on the pre-compiled lookup tables computed by the Church of WiFi (a security research group).

For organizations that have information to protect such as:  payroll data, customer lists, intellectual property, etc.  It is best to hire an Information Security Consultant who is listed with ISC(2) as an active CISSP (Certified Information Systems Security Professional).  Such individuals can sometimes be found via freelance websites such as eLance.