WEP or WPA: what should I use for my WiFi network connection?

My understanding of wireless security protocol strength, starting with most secure:

  • WPA2-AES
  • WPA2-TKIP
  • WPA
  • WEP

Search for WEP cracking and you'll find plenty of tutorials on cracking it in 10 minutes on common PCs. WPA is significantly more difficult to crack, but each version has its weak points. WPA2-AES is considered top of the line last I heard and supported by pretty much all modern routers and OS's.

See these Security Now! past episodes for in-depth explanations:

  • Episode 170, The TKIP Hack
  • Episode 89, Even More Badly Broken WEP

WEP if you want to get hacked.

WPA if you don't.


Use WPA2 or WPA.

Here is further reading on this

Here are a few reasons why to use WPA over WEP

WPA vs WEP


At this point there is no good reason to use WEP outside lessons on hacking. WPA is easier to use, safer, and standard on all clients that you'll encounter.


As long as all of your wireless client devices (phones, laptops, PDAs, etc.) support it, use WPA2 with AES encryption instead of WEP.

If you have users with old driver software, operating systems, and wireless cards, you may be limited in what you can do. Most devices that originally supported only WEP can be upgraded via software to support WPA with TKIP, but they may not be able to support WPA with AES or WPA2 with AES.

There are lots of old special-purpose devices out there that may only support WEP. For those legacy devices, you may want to create a separate SSID and VLAN along with super-strict firewall policies.

For personal use, WEP with a "closed network" (where the SSID is not broadcast in the beacon frame) is enough to say "this isn't a public network" to keep your honest neighbors from hopping onto your network. It won't keep hackers out, but you are probably more vulnerable to the latest worm/virus than someone trying to hack into your home computer from within a few hundred feet of your house. :)

For office use, you should use WPA2-PSK+AES (pre-shared key) with a strong passphrase at the least. Ideally, you will be able to use "WPA2 Enterprise", which means that you use something more secure and manageable than a shared secret (your domain credentials, a smart card, one-time password, or client certificate) to get onto the network. This will require a RADIUS server and some kind of centralized authentication system.
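An added example, not part of any answer above: a small auditor that reads an access point configuration and places it on the WPA2-AES / WPA2-TKIP / WPA / WEP ranking from the first answer, listing what to change. It assumes the AP uses hostapd-style `key=value` settings (the page names no AP software); the sample configs are constructed, and the 16-character passphrase threshold is an assumption rather than a standard.

```python
# Constructed hostapd-style samples (not from the page).
LEGACY = "ssid=scanner-net\nwep_default_key=0\nwep_key0=0123456789\n"
MIXED = ("ssid=office\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP\n"
         "rsn_pairwise=CCMP TKIP\nwpa_passphrase=letmein123\n")
GOOD = ("ssid=office\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
        "wpa_passphrase=correct horse battery staple 42\n")

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (tier, findings); tier is the weakest mode the AP still accepts."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bitfield: 1 = WPA, 2 = WPA2, 3 = both
    if wpa == 0:
        if any(key.startswith("wep_key") for key in conf):
            return "WEP", ["WEP keys configured: move to WPA2 with AES"]
        return "OPEN", ["no encryption configured"]
    findings = []
    # hostapd defaults: wpa_pairwise=TKIP, and rsn_pairwise follows wpa_pairwise
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP").split()
    rsn_ciphers = conf.get("rsn_pairwise", " ".join(wpa_ciphers)).split()
    if wpa & 1:
        findings.append("WPA (v1) enabled: set wpa=2 once no client needs it")
    if wpa & 2 and "TKIP" in rsn_ciphers:
        findings.append("TKIP allowed for WPA2: set rsn_pairwise=CCMP")
    uses_psk = "WPA-PSK" in conf.get("wpa_key_mgmt", "WPA-PSK").split()
    if uses_psk and "wpa_passphrase" in conf and len(conf["wpa_passphrase"]) < 16:
        findings.append("short pre-shared passphrase")  # threshold is an assumption
    if wpa & 1:
        tier = "WPA"
    elif "TKIP" in rsn_ciphers:
        tier = "WPA2-TKIP"
    else:
        tier = "WPA2-AES"
    return tier, findings

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("mixed", MIXED), ("good", GOOD)):
        print(name, audit(sample))
```

A mixed-mode AP is reported at the tier of its weakest accepted mode, since that is the one an old or misconfigured client can still negotiate.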