The article “Why we lie” in the Wall Street Journal has a great statement about why locks are fitted to our doors, and this statement fits well with wireless security.
“Another 1% will always be dishonest and always try to pick your lock and steal your television; locks won't do much to protect you from the hardened thieves, who can get into your house if they really want to. The purpose of locks, the locksmith said, is to protect you from the 98% of mostly honest people who might be tempted to try your door if it had no lock.”
The advice above is similar to some advice I was given by the local crime prevention offices, who said “Make your house look more secure than your neighbours”, which whilst good for me may not have been good for my neighbours.
With wireless security we have a range of encryption controls, ranging from the weak to the strong, with all but the strongest susceptible to breaking by techniques that can be implemented by most IT-literate people. However, given the vast number of access points available, there is often an unencrypted or weakly protected wireless network nearby.
We encrypt our wireless networks to protect our data and bandwidth. If everyone was honest we would not need to be worried; however, there are dishonest people, and those who for whatever reason decide to borrow wireless bandwidth, which results in the need to ensure we adequately protect our wireless networks.
The level of protection needs to be appropriate and implementable. Configuring RADIUS servers and implementing enterprise WPA2 is in the realm of the geek and businesses; for the home user even configuring WEP can be problematic. The use of WPS has made it easier to implement security, however even this has security weaknesses.
However, in deciding on the level of encryption, the domestic user needs to look at what they are protecting, whether it’s their network, the connection to the internet, or the data being transmitted, and look at the threats: is it the next-door neighbour, or someone walking past? They should also consider the risks, whether it is reduced bandwidth if limits are exceeded, loss of personally identifiable information, compromise of machines on the network, or misuse of the network by downloading illegal or undesirable material. There are also impact considerations, such as additional costs for excessive data, loss of identity, possible interaction with law enforcement and subsequent reputational loss.
There is also the question of how competent they are, or whether they could employ or get another person to configure the network for them, and whether they can maintain the network by adding new machines to it or changing the password.
A factor to consider is that if there are weakly protected networks around them, then all they need to do is make their network more inaccessible, and the risk will move to the less well protected network.