A Complete Guide To Wireless (Wi-Fi) Security

Eytan Raphaely Education

A Complete Guide To Wireless (Wi-Fi) Security

In the modern world it seems as though it would be nearly impossible to function without access to the wireless internet. People everywhere rely on Wi-Fi for everything from entertainment to achieving their goals. But with the ubiquity of the internet comes an underlying danger in the form of hackers who look to exploit security flaws to gain access to your private data and information.

As we continue into a future in which everything from our phone to our refrigerator operates using wireless internet connection, it is becoming increasingly important to understand how to keep our Wi-Fi safe and secure.

In this article we will provide you with everything you need to understand the basics of Wi-Fi security and what wireless security you should use.

What is Wireless Security?

Wireless security is in essence, the prevention of unwanted users from accessing a particular wireless network. More so, wireless security, also known as Wi-Fi security, aims to ensure that your data remains only accessible to users you authorize.

How Does Wireless Security Work?

Wireless Security Protocols such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are the authentication security protocols created by the Wireless Alliance used to ensure wireless security. There are four wireless security protocols currently available.

  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access 2 (WPA 2)
  • Wi-Fi Protected Access 3 (WPA 3)

To be sure your network is secure, you must first identify which network yours falls under.

What Are The Types Of Wireless Security?

As previously mentioned, there are four main types of wireless security protocols. Each of these vary in utility and strength.

Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is the first security protocol ever put in practice. Designed in 1997, it has become obsolete but is still used in modern times with older devices.

WEP uses a data encryption scheme that is based on a combination of user- and system-generated key values. However, it is widely known that WEP is the least secure network type as hackers have developed tactics of reverse-engineering and cracking the encryption system.

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) was developed to deal with the flaws that were found with WEP protocol. WPA offers features such as the Temporal Key Integrity Protocol (TKIP) which was a dynamic 128-bit key that was harder to break into than WEP’s static, unchanging key.

It also introduced the Message Integrity Check, which scanned for any altered packets sent by hackers, the Temporal Key Integrity Protocol (TKIP) and the pre-shared key (PSK), among others, for encryption.

Wi-Fi Protected Access 2 (WPA2)

In 2004, WPA2 brought significant changes and more features to the wireless security gambit. WPA2 replaced TKIP with the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is a far superior encryption tool.

WPA2 has been the industry standard since its inception, on March 13, 2006, the Wi-Fi Alliance stated that all future devices with the Wi-Fi trademark had to use WPA2.

WPA2-PSK

WPA2-PSK (Pre-Shared Key) requires a single password to get on the wireless network. It’s generally accepted that a single password to access Wi-Fi is safe, but only as much as you trust those using it. A major vulnerability comes from the potential damage done when login credentials get placed in the wrong hands. That is why this  protocol is most often used for a residential or open Wi-Fi network.

To encrypt a network with WPA2-PSK you provide your router not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using CCMP, that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually composed of the hex characters 0-9 and A-F.

WPA2-Enterprise

WPA2-Enterprise requires a RADIUS server, which handles the task of authenticating network users access. The actual authentication process is based on the 802.1X policy and comes in several different systems labelled EAP.

There are just a few components that are needed to make WPA2-Enterprise work. Realistically, if you already have access points and some spare server space, you possess all the hardware needed to make it happen.

Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network. The security benefits of a properly configured WPA2-Enterprise grant a near impenetrable network. This protocol is most often used by businesses and governments due its heightened security measures.

Wi-Fi Protected Access 3 (WPA3)

WP3 is introducing the first major changes to wireless security in 14 years. Some notable additions for the security protocol are:

Greater protection for passwords
Individualized encryption for personal and open networks
More security for enterprise networks.

WPA3-PSK

To improve the effectiveness of PSK, updates to WPA3-PSK offer greater protection by improving the authentication process.

A strategy to do this uses Simultaneous Authentication of Equals (SAE) to make brute-force dictionary attacks far more difficult for a hacker. This protocol requires interaction from the user on each authentication attempt, causing a significant slowdown for those attempting to brute-force through the authentication process.

WPA3-Enterprise

WPA3-Enterprise offers some added benefits but overall little changes in terms of security with the jump from WPA2-Enterprise.

A significant improvement that WPA3-Enterprise offers is a requirement for server certificate validation to be configured to confirm the identity of the server to which the device is connecting. However, due to the lack of major improvements, it’s not likely to be a quick transition to WPA3. WPA2 became a standard in 2004, and even today organizations have a difficult time supporting it on their network. That’s why we came up with a solution that provides everything you need for 802.1x.

What are the Main Threats to Wi-Fi Security?

As the internet is becoming more accessible, via mobile devices and gadgets, data security is becoming a top concern from the public, as it should be. Data breaches and security malfunctions can cost individuals and businesses thousands of dollars.

It is important to know the threats that are most prevalent in order to be able to implement the proper security measures.

Man-in-the-Middle Attacks

A man-in-the-middle (MITM) attack is an incredibly dangerous type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials.

The attacker sets up hardware pretending to be a trusted network, namely Wi-Fi, in order to trick unsuspecting victims into connecting to it and sending over their credentials. MITM attacks can happen anywhere, as devices connect to the network with the strongest signal, and will connect to any SSID name they remember.

Interested in learning more about MITM attacks, read another one of our articles here.

 

Cracking and Decrypting Passwords

Cracking and decrypting passwords is an old method that consists of what is known as “A brute force attack.” This attack consists of using a trial and error approach and hoping to eventually guess correctly. However, there are many tools that hackers can use to expedite the process.

Luckily, you can use these same tools to try and test your own network’s security. Software like John the Ripper, Nessus, and Hydra are a good place to start.

Packet Sniffers

Packet sniffers are a computer program that can monitor traffic on a wireless network. They can also intercept some data packages and provide a user with their contents. They can be used to harmlessly gather data about traffic, but in the wrong hands can introduce errors and break down a network.

How Do I Make My Home Wi-Fi Secure?

For your wireless network at home, it is first essential that you choose the network security type  that is most useful. For home wireless, it is recommended that WPA2-PSK be implemented as WPA2-Enterprise is really only needed for organizations or universities with a lot of network traffic.

Other things to consider are for your home Wi-Fi:

  • Changing the default password and SSID
    • Make sure your password is at least 10 characters long, and contains non-alphanumeric characters
  • Enable the router’s firewall
  • Enable MAC address filtering
  • Disable remote administration

Managing Wi-Fi with Digital Certificates

A ton of security issues that wireless networks face stem from a common source, passwords. Passwords introduce the human error element to your network. Passwords can be stolen, lost, or even hacked through MITM or brute force attacks.

Luckily, there is an alternative through the use of certificate based authentication. Passwords rely on keywords or phrases created by the end user. Certificates utilize public-private key encryption to encrypt information sent over-the-air and are authenticated with EAP-TLS, the most secure authentication protocol.

While the costs of maintaining and implementing a PKI infrastructure to allow for certificate authentication may seem daunting, SecureW2 can offer a easy configuration to allow you to easily maintain the most secure network possible

How Do I Protect My Business Wi-Fi Network

WPA2-Enterprise has been around since 2004 and is still considered the gold standard for wireless network security for organizations and universities, delivering over-the-air encryption and a high level of security. In conjunction with the effective authentication method known as 802.1X, users have been successfully authorized for secure network access for many years.

However, when using WPA2-Enterprise in a large scale setting, it can often be difficult to configure and onboard new users.

Onboarding software, such as those offered by SecureW2, eliminates the confusion for users by prompting them with simple steps designed to be completed by anyone regardless of technical  skills. SecureW2 has solutions to make your WPA2-Enterprise network as safe as possible. Check out our pricing information here.


Learn About This Author

Eytan Raphaely

Eytan Raphaely is a 25-year-old currently working in marketing, his true passion is making things that he thinks are really funny, that other people think are mildly funny. He is a recent graduate from the University of Washington where he studied digital marketing. Eytan has been honing his writing skills as an intern for a small studio, a marketing firm, an editor for Literally Media, and other places too.