By Robert Vamosi
As wireless networks continue to become more affordable and easier to set up, many users (as well as many companies) still have little regard for just how insecure those networks are. Those users remain unaware that, with the right equipment, just about anyone can hitch a free ride on a wireless Internet connection or read wireless data as it flies through the air.
As I've discussed before, there are some basic precautions you can take to secure your wireless network. One of my suggestions--to enable Wired Equivalent Privacy (WEP)--is now out-of-date, because this security protocol is being replaced with a new one, called Wi-Fi Protected Access (WPA). While WPA isn't the perfect cure I've been hoping for, you should implement it as part of your overall security strategy.
Known flaws within WEP
Why? Because WEP as we know it is flawed. While it may slow down a hacker trying to break into your wireless network or hardware, it won't make the task impossible. The encryption process works like this: a WEP-enabled Network Interface Card (NIC) encrypts data as it leaves your notebook, then the receiving NIC or wireless access point decrypts it, using secret shared keys.
The problem is that someone could monitor your 802.11 devices and, over time, figure out what the secret keys are. Once an individual has the keys, he or she can decrypt and read all the data sent on your wireless network. Making matters worse, some companies issue the same key to a number of employees, meaning a hacker would have to figure out only one key to get access to everybody's information.
I saw a demonstration of this process at the Black Hat USA conference in 2001, in which data frames captured from a wireless network using WEP were analyzed. Using raw data displayed on a grid, a laptop computer, and some informed guesses, the presenter "broke" the WEP encryption by discovering its static key.
WPA to the rescue?
The new protocol, version 1.0 of Wi-Fi Protected Access, solves some of these flaws. Approved by the Wi-Fi Alliance, a nonprofit organization responsible for creating wireless standards and testing 802.11-based networks, WPA is a temporary fix for WEP as the organization works on the still-unfinished 802.11i standard, which will have the WPA 2.0 protocol built in.
In a corporate environment, WPA has many benefits. It takes advantage of 802.1x, the Extensible Authentication Protocol (EAP), and Temporal Key Integrity Protocol (TKIP) encryption to ensure that only properly authenticated wireless users can access a network. WEP couldn't do this--and that's one of the reasons it has remained unacceptable to academic institutions and commercial hot spots, which should be able to adopt WPA.
Even though it can't perform this authentication on networks without specialized servers, WPA also makes sense at home. There, as well as in corporate settings, WPA fixes the static-key problem found in WEP by continuously regenerating the secret keys during wireless sessions. This added randomness should make it much more difficult for others to break into your wireless network and read the data transmitted on it.
Forward compatible
The good news is that WPA can be used with your current wireless hardware. All you need are software and/or firmware updates, which are or will soon be available from several vendors, including Linksys and Netgear. Microsoft recently issued a Windows XP update that includes WPA as an extra layer of wireless protection on all systems using that OS.
Going forward, in order for an 802.11 device to be certified "Wi-Fi compliant," it must conform to the WPA standard. And since WPA is based on early specs for the new 802.11i, later versions of WPA will be compatible with the final 802.11i spec (when it's approved).
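
The static-key problem and the key-regeneration fix described above, as an added example that is not part of the original column. It relies on details the article does not state: WEP encrypts with RC4 and keys each frame with a 24-bit IV prepended to the shared key. The key, IV and frames are constructed, and the SHA-256 derivation is a stand-in for WPA's rekeying, not TKIP's actual mixing function.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP uses: key schedule, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(static_key: bytes, iv: bytes, frame: bytes) -> bytes:
    # WEP keys each frame with a 24-bit IV prepended to the unchanging shared key.
    return rc4(iv + static_key, frame)

def rekeyed_encrypt(master: bytes, epoch: int, iv: bytes, frame: bytes) -> bytes:
    # Assumption: SHA-256 stands in for WPA's key regeneration; this is NOT TKIP's
    # real mixing function, only an illustration of "the key changes over time".
    temporal_key = hashlib.sha256(master + epoch.to_bytes(8, "big")).digest()[:16]
    return rc4(iv + temporal_key, frame)

def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    # If both frames used one keystream, it cancels: c1 XOR c2 == p1 XOR p2.
    return xor(c1, c2) == xor(p1, p2)

def demo() -> dict:
    key = bytes.fromhex("0102030405")        # constructed 40-bit shared key
    iv = bytes.fromhex("00002a")             # constructed IV, seen on both frames
    p1, p2 = b"GET /payroll.xls", b"user=alice&pin=1"   # constructed frames
    static = keystream_reused(wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2), p1, p2)
    rotated = keystream_reused(rekeyed_encrypt(key, 1, iv, p1),
                               rekeyed_encrypt(key, 2, iv, p2), p1, p2)
    return {"static_key": static, "regenerated_key": rotated}

if __name__ == "__main__":
    print(demo())
```

With the static key, a repeated IV gives two frames the same keystream, so their ciphertexts reveal the XOR of the plaintexts; once the key is regenerated between frames, the same IV no longer produces that relationship.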
Is WPA the final answer to wireless security? No. Already there are rumors that security experts have cracked WPA. But WPA is still a step in the right direction. Only by layering security can wireless networks truly begin to approach the trustworthiness of a wired LAN.
Are you concerned about wireless security? If you have a wireless network, do you have WEP enabled? Why or why not? Will you enable WPA? TalkBack to me!
Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews. Have a question for him? Let him know!