WEP EncryptionThis is the oldest method of password verification. 64-bit encryption uses a ten digit alpha-numeric password, and the 128-bit version requires a 28 digit password. Neither can withstand an intruder armed with easy-to-find cracking software, and other security options, including WPA and WPA2, will provide better access control.
WPA EncryptionWireless Protected Access, or WPA, encryption takes the WEP standard two steps further. Most wireless networks now rely on it, and hackers have predictably devised tools to help crack it. WPA passwords can be from 8-32 characters. This password is encrypted to create another password for the router. The front door password will be changed periodically. Both passwords will be needed at the same time to gain access, yet anyone cracking the front door password will start a timer, which can be manually defined.
WPA2 EncryptionWPA2 appears to the user to function exactly the same as WPA. However, WPA2 avoids a problematic algorithm in WPA called the Temporary Key Integrity Protocol. WPA2 instead uses multiple algorithms to accomplish the same task as WPA, and this would make it the obvious first choice.
Some may find WPA2 actually slows the network connection precisely because of the added security in multiple algorithms. It should be easy to test surfing and download speed using each option to determine whether the gain in performance is worth sacrificing a little security.
SSID MaskingAn SSID is the name of your wireless network. If you have a wireless modem, it is possible to see the SSID of all networks in the area. The idea of preventing a break-in by hiding the front door is an appealing one, and SSID masking is a hot topic in wireless security. Despite coming up repeatedly, it is not effective at all.
All router manufacturers now support SSID masking, but it makes little difference. Several freeware utilities are available to perform an action called network scanning. Some of the older versions of utilities, like inSSIDer 1.0 and Kismet, won't show the SSID, but they will provide other information, including the security protocol in use.
Hidden SSIDs can even work against you. They require more effort during setup, and you will experience connection problems. Also, mobile devices will have to ping to find the hidden network. They will continue pinging no matter where you go, and this lets anyone with a network scanner know you have a hidden network at home.
MAC-filteringEvery wireless device with a network adapter has a unique Media Access Control, or MAC, address. It is possible to spoof another device's MAC address, but this requires special software and dedication. Enabling a MAC filter will prevent any device from connecting that is not pre-configured into the system. This can be a pain for visitors trying to access the network, but it creates a more secure environment when used with WPA or WPA2.
Most home networks will be safe by simple virtue of anonymity. Hackers will use network scanners to locate WEP-encrypted networks due to the ease of cracking them, but other security features are generally too much trouble.Photo credit: jimsjunk