Wireless Encryption

Important

The chief method of protecting traffic on your wireless network is with encryption.

Types of Wireless Encryption

WEP is the original privacy component of the IEEE 802.11 wireless standard.

WPA was designed as a short-term fix for WEP until a more secure solution was created.

implemented as a firmware upgrade to WEP devices
still uses RC4 cipher, but the IV (initialization vector) is now an encrypted hash
uses TKIP (Temporal Key Integrity Protocol) to dynamically change the encryption key
superseded by WPA2 in 2006
compromised

WPA2 is the long-term replacement for WEP and WPA as part of the IEEE 802.11i Standard

introduced in 2006
uses AES
uses CCMP which replaces the weaker TKIP
Key Reinstallation Attack (KRACK) vulnerability found in 2017
- vendor patches have been released to address this issue
secure if up-to-date and patched

WPA3 was released by the Wi-Fi Alliance in 2018

made mandatory in 2020 for device certification
uses Simultaneous Authentication of Equals (SAE) as a means to more securely handle the initial key exchange to address the WPA2 KRACK vulnerability
- found to still be vulnerable to KRACK
- patches deployed
- not an issue for devices after 2021
If your device supports WPA3, use it

Benefits of WPA3

easier to setup client devices

stronger encryption

improved protections against brute-force and eavesdropping

WPA access points can be setup in 2 modes:

Personal mode is good for small wireless networks without an authentication server.

Enterprise mode

WPA-802.1x Standard
- gives functionality to authenticate via a central authentication server (e.g. Windows Active Directory)
Requires use of RADIUS authentication server
- uses EAP (extensible authentication protocol) for authentication
- authenticates wireless users to Active Directory
Basically… uses an authentication server called RADIUS which uses EAP to authenticate wireless users via Active Directory

Public wireless networks are insecure, and other users can potentially see your data if not encrypted.