Wireless Security Question

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
I Plan to Stick Around
Posts: 54

Wireless Security Question

I have a dumb question to ask.  When you transmit on a wireless connection is the data encrypted ?  I know the access to the router or the wireless network is controlled by the wireless secutiry (WEP, WAP, etc) that is setup, but is the other transmission over the network secured by encription ?  I was logging into my router from a Mac Book Pro and received a warning that the data will be sent unencrypted.  is this router dependent ?

Thanks.

 

 

***edited labels***

Solved! Go to Solution.
Retired Moderator RogersAsif
Retired Moderator
Posts: 700

Re: Wireless Security Question

Hello @malam 

 

To my knowledge, when you setup security on a router its uses wireless encryption and authentication therefore the data should be encrypted over the network only devices with the correct key should be able to read the data. If you’re running an open network than that message is understandable, but if you have security setup on your router not sure why you got that message.

 

Wireless Encryption and Authentication

Wireless encryption and authentication is at the heart of wireless router security. This feature will scramble your data and only allow laptops with the correct key specified. Better the wireless encryption and authentication technology, the more difficult a hacker will find authenticating and unscrambling the encrypted data. When you assign your wireless router with a key and assign an encryption method, it will scramble the data and only a laptop with the same key can unscramble that data..

 

Check this link for more information on router security options,its a bit old but the information is good. http://www.internet-computer-security.com/Security%20Guides/WirelessGuide/A%20Guide%20to%20Wireless%...

Retired Moderator RogersAsif
Retired Moderator
Posts: 700

Re: Wireless Security Question

Community does anyone have more input they would like to provide ? Smiley Happy

Resident Expert
Resident Expert
Posts: 6,111

Re: Wireless Security Question

Whenever anyone sets up a wireless router these days, there are two security issues that need to be taken care of. The first is the password for the router itself, which will prevent anyone from changing any of the settings without your knowledge. The second is the security for the wireless transmissions.


These days, without going to an enterprise type of security, the most secure for wireless transmission is WPA2 AES. In this case, both sides of the network, ie, the transmitter and receiver need both the network name and passphrase. The encryption for the transmission is a hashed result of both the name and passphrase, which results in encrypted transmissions in both directions.  When you setup the individual 2.4 or 5 Ghz network, you should be using WPA2 AES and use random character network names and passphrases. Once the network is enabled for transmission and the same passphrase is entered into the mobile device, anything that is transmitted between the router and mobile device is encrypted.

 

One of the big problems in router security is the use of simple network names and passphrases. Something simple such as a passphrase like “Katie4ever” can take minutes to break, giving the hacker access to your router and the ability to use your bandwidth, for which you end up paying. While methods such as WPA2 AES are good, they are not infallible.  The longer you make your network name and passphrase, with random characters, numbers and symbols, the harder it is to crack, hopefully to the point where the hacker will move onto a simpler target. The network name length is 32 characters while the passphrase length is 63 random ascii characters or 64 random hex characters. If you are in a position where all you have to do is enter the passphrase into a laptop for example, or you don’t mind keying in long passphrases on a device, use as many characters as possible. You can use the following site to generate random character strings for both the network name and passphrase and simply copy and paste and character strings. Refreshing the page will generate new character strings:

 

https://www.grc.com/passwords.htm

 

So, if you can accept the use of a network name such as:  

 

\;o1~LU<10b(RvRa56>L1sUo2OC!up'^

 

And a passphrase such as  

 

I67PH6s?}I{tO=]gAnvw_)U88_sE+e-b>_B2?/UVqU:3S%efun$>n(^[ZF]7)Gy

 

Your encrypted transmissions will be extremely difficult if not impossible to crack.

 

Just to note, whenever you are logging into any router to change settings, especially wireless settings, you should do that via wired connection.  The last thing you want is to change a wireless setting and find yourself locked out of the wireless side of the router if something goes wrong.  Of course that always happens at the most inauspicious moments.  Fwiw.....



I Plan to Stick Around
Posts: 54

Re: Wireless Security Question

Thanks for the detailed replies.  I do understand the rationale behind a strong password for both the router access and the access to the wireless connection.  I think the warning that I received from my Mac relates to the lack of an encryption when you enter either the password to access the router  or the passphrase to access the wireless connection.  

 

To resolve the first issue, I agree with Datalink to use only a wired connection to access the router for making changes to the settings.  

 

 Once you identify an ecryption method (WAP, etc), the passphrase is encrypted before it is sent on the wireless network. Thanks for the link by RogersAsif on "Authentication and Encryption for wireless routers".

Retired Moderator RogersAsif
Retired Moderator
Posts: 700

Re: Wireless Security Question

@malam No problem glad it helped Smiley Happy

I've Been Around
Posts: 1

Re: Wireless Security Question

 

Your password has two factors which make it secure - the length of the password, and the number of different characters you use.

 

The length of password is under your control (there is probably a minimum-length password required, which is easy to satisfy). Longer passwords are much, much better. As shown before, you need to make your passwords long. You don't need to make them super-human complex. 

 

The number of characters to use is set by whoever requires the password, and they get warm fuzzies by demanding mixtures of upper-case, lower-case, numbers, and special characters. Opening up the eligible character set is an excellent idea. Demanding really cryptic passwords is a really bad idea - people just write them down because they are not usable, and security is defeated.

 

In a perfect world:

  • You would be eligible to use a wide range of characters. This forces a password brute-force attack to test 26+26+10+something characters per position - whether or not you use them you COULD use them, so they need to be tested. Let's say there are 70 possible characters,
  • Don't use a word you can find in the dictionary, no matter how long. Though it would help significantly to use some odd capitalization, and help even more to mis-spell it. Routine substitutions (like 1 for i, 3 for E, @ for a) help, but not terribly much, they are predictable,
  • Don't use any recognizable information, like your address or your kid's name, unless you really munge it up;
  • Make it memorable, so you don't have to write it down, so it is human-friendly, and so you can tell a visitor what to enter and get them onto your WiFi network in less than 30 minutes,
  • Make it long. Really long. Security comes from length, not diversity of characters used. 

While it feels really good to create a long password like

 

jgERjm,g9*&765#hkyu5frjiutyhklolkHfrBghhrfe33%$$32@

 

they are totally human-unfriendly. And that's why humans don't do it. And neither should you. 

 

What is an example of an easy, strong, solid password?

 

imustgotothe-storeandBuyBananas.Tomorrow.

 

That's 42 characters long, is unpredictable, cannot be broken by a dictionary attack. A brute force attack would need to make 70^42 attempts to break it. That's 3.1197348e+77, or bigger than 3 followed by 77 zeroes. If a hacker could do 1,000,000 password attempts per second, for the 13 billion years since the universe was formed, they still need 7.6097033e+53 (7 followed by 53 zeroes) as much more time. You'll be safe. 

 

And use WPA2, with AES.