How fast and secured is Wi-Fi?
How secured is Wi-Fi as compared to Wired Network? What are its Pros and Cons?
Software/Hardware used:
Software/Hardware used:
ASKED:
July 24, 2008 7:21 AM
UPDATED:
April 8, 2011 10:40 PM
Answer Wiki:
wi-fi can be more secured than wired networks due to the fact that few companies encrypt wired networks or have client/port authentication mechanisms to grant access. Even though WEP is a weak encryption, access is still granted based on the client having some shared key for access. The challenge for wi-fi is bandwidth. The radio spectrum environment causes the access point to behave more like a hub than a switch although companies like Xirrus are working to correct this fault. This means that behind an AP the link may be 100Mbps the wireless clients are sharing that single connection to the LAN. I see wi-fi as more of a convenience and cost savings on cabling architecture right now until the radio spectrum can be made to work more like the switched wired environment.
++++++++++++++++++++++++++++++++
A lot of security issues are actually actually better answered after determining what the networks are to be wired for. For example, you can put a WPA2-Enterprise security key on a wireless network, but sometimes, the administrative access to access points is handled in an unecrypted way. This is the same scenario for network cameras (a camera sends encrypted data, but the text used to access the camera's interface as admin is unencrypted).
There are all sorts of vulnerabilities that you will face, so it's important to establish external protection. What I mean is secure the heck out of the lines coming into the company because you even decide on LAN or WAN.
To see all answers submitted to the Answer Wiki: View Answer History.
Schmidt – thanks buddy! Good answer. Very true, the day radio spectrum get wider and user gets the desired speed, wired stuff will be replaced by Wi-Fi, but, but, provided the cost factor remains within the limits.
Labunke, Thanks for the reply. The encryption is not an issue I suppose, there are various means to have fully secured encryption.
For the record…WPA standard is just as easy to crack as WEP, if not easier. The only real security is WPA2s.
I was a Crypto Linguist in the USAF and I can tell you that wireless signals are the easiest signals in the world to hack or eaves drop on. Go with the hardwire, and if speed is the issue use fiber. We had so much fun with mobile phones and the wide open radio spectrum. I would reevaluate how secure one thinks any encryption on the radio spectrum is. Any encryption can be hacked and radio is by far the easiest. Fiber is also one of the most secure you know right away when fiber packets are missing.
Hello Jaideep,
Wi fi networks are highly insecure and very easy to tap into. However there are some security settings which will reduce the risk. Firstly you can change the default SSID and enble the option of not broadcasting your SSID. Secondly WPA2 Encrption algorithm should enabled as it will be a detterent for hackers to break in.
WLAN isn’t secure. Period. If you want real security don’t send it over the air where it can be intercepted. It’s as simple as that. (And I work for a wifi company!)
That said, you can lock down WiFi with 802.11x, VLANs, and other security measures to make it “good enough” …though maybe not quite good enough for government work. Further, the reality is your network doesn’t have to be that secure.
The obvious downside of wired is convenience. Not only does it suck to run wires all over the place (if you even can), but the shear annoyance of being tethered frequently overcomes the relatively minor security concerns of wifi.
Would I check my bank account over a public wifi? Not a chance.
Would I do it over cooperate 802.11x wifi?
Sure enough. Would I feel better doing it wired? Yes, but it’s such a pain!
you will need to take into account what sort of traffic will you be generating. for example will you be streaming video wired is always the better option for this but sometimes wired is not possible if you have cameras for example on different sites with a distance between them then wireless would be the better option. security on wireless is easy to break all wep wpa and wpa2 can be broken but if you running wpa2 with radius server now that cant be broken to my knowledge.and yes you can try to hide the ssid and change the name this will throw you everyday script kiddie off the track but not a teckie with a good understanding of networks and armed with a linux based system chances are he is going to get your pass.
another thing you should do is to load intrusion detection on you firewall this will pick up and alert you if anyone is trying to sniff your network or trying to flood it which is another technique that is used. What the flooding will do is it will overwhelm your routers with packets causing the router to reboot and then the attacker will try to grab the first 3 or 4 packets (if i remember correctly) that the router generates with these packets he can get yor pass.
…and enble the option of not broadcasting your SSID.
This needs to be carefully considered along with the type of network and the clients that will attach to it. See, for example, the Microsoft discussion of Why Non-broadcast Networks are not a Security Feature.
Tom
Continuing off-topic
)) …
Hiding the SSID is a typical “security through obscurity” example – and probably it’s not pointless to emphasize once again that it is not “the right thing”™