Let's revisit the Wi-Fi security one more time.
There are the following types of wireless security protocols…
1. WEP (Wired Equivalent Privacy)
It was approved as a Wi-Fi security standard in September 1999. It remained in use between 1999 and 2004 and has now been abandoned entirely.
Initially, WEP was expected to offer the same level of security for wireless networks as wired networks have. However, WEP has many well-known issues that are easy to exploit. You are advised not to keep any Wi-Fi devices that support only WEP; they are outdated.
2. WPA (Wi-Fi Protected Access)
It was used as a temporary security enhancement for WEP while the 802.11i wireless security standard was in its development stage.
One year before WEP was officially dropped, WPA was formally adopted. Most WPA deployments used a pre-shared key (PSK), most often referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP) for encryption. WPA Enterprise used an authentication server for key and certificate generation.
Even though WPA was a significant enhancement over WEP, its big issue was that the core components were designed so they could be rolled out through firmware upgrades on WEP-enabled devices, so it did not provide enough protection against attacks.
3. WPA2 (Wi-Fi Protected Access version 2)
It was introduced in 2004.
The most important improvement this 802.11i wireless security standard offered over its predecessor was the implementation of the Advanced Encryption Standard (AES). AES was approved by the US government for encryption of their top secret data, which speaks for itself.
The issue with WPA2 is that if an attacker has direct access to a secured network and can gain access to certain keys, they can perform an attack on other devices on the network. This issue is considered significant only for enterprise-level networks; smaller and home networks are usually not the target. That does not mean home networks cannot be targeted.
-------------------------
A Note on WPA2-Enterprise
-------------------------
WPA2-Enterprise requires a RADIUS server, which handles the task of authenticating network users' access. The actual authentication process is based on the 802.1X policy and comes in several different systems labeled EAP.
There are just a few components that are needed to make WPA2-Enterprise work. Realistically, if you already have access points and some spare server space, you possess all the hardware needed to make it happen.
Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network. The security benefits of a properly configured WPA2-Enterprise grant a near-impenetrable network. This protocol is most often used by businesses and governments due to its heightened security measures.
4. WPA3 (Wi-Fi Protected Access version 3)
WPA3 is the next generation of Wi-Fi security...
It is the latest security protocol with top standards. WPA3 protects against dictionary attacks and uses the Simultaneous Authentication of Equals (SAE) handshake, which protects the network from attacks that are possible with WPA2 in place.
WPA3 is really good on public networks (say in a coffee place), because it automatically encrypts the connection without any need for additional credentials.
-
Which security method will work for your network?
Here's the list of modern (after 2006) security methods used on wireless networks, from best to worst:
1. WPA3
2. WPA2 + AES
3. WPA + AES
4. WPA + TKIP/AES (TKIP as a fallback method)
5. WPA + TKIP
6. WEP
7. Open Network (no security at all)
-
WPA3 vs WPA2
A fundamental weakness of WPA2, the current wireless security protocol that dates back to 2004, is that it lets hackers deploy a so-called offline dictionary attack to guess your password. An attacker can take as many shots as they want at guessing your credentials without being on the same network, cycling through the entire dictionary — and beyond — in relatively short order.
WPA3 will protect against dictionary attacks by implementing a new key exchange protocol. WPA2 used an imperfect four-way handshake between clients and access points to enable encrypted connections; it’s what was behind the notorious KRACK vulnerability that impacted basically every connected device. WPA3 will ditch that in favor of the more secure — and widely vetted — Simultaneous Authentication of Equals handshake.
The other benefit comes in the event that your password gets compromised nonetheless. With this new handshake, WPA3 supports forward secrecy, meaning that any traffic that came across your transmission before an outsider gained access, will remain encrypted. With WPA2, they can decrypt old traffic as well.
-
How To Protect Your Wi-Fi Network?
Security protocols are important, and the later the version, the better your network is protected. But it is also crucial to set a solid password for your network. WPA and WPA2 protocols let you set passwords of up to 63 characters. Make your password hard to break by using special characters, lowercase and uppercase letters, and numbers, and avoid simple dictionary words.
The best way to go currently is to deactivate Wi-Fi Protected Setup (WPS) and set the router to WPA2 + AES. As you go down the list above, you get less security for your network. Depending on which security protocol you use, the data speed can be affected. WPA2 is the fastest of the encryption protocols, while WEP is the slowest.
Once all your devices support WPA3, you could disable WPA2 connectivity on your router to improve security, the same way you might disable WPA and WEP connectivity and only allow WPA2 connections on your router today.
It is equally important to configure the main settings of your Wi-Fi correctly.
-
What Wi-Fi Settings Are the Most Important?
1. SSID
SSID stands for service set identifier, and it’s the primary name of a Wi-Fi network. SSIDs are up to 32 characters long, and the characters must be ASCII-only (ASCII is a character encoding standard for electronic communication). All routers have a certain default SSID, often corresponding to the name of the manufacturer. As a user, you’re free to change the SSID of your Wi-Fi network as many times as you want to, and you can even make it invisible to prevent others from easily connecting to your network.
2. Security Mode
To provide data confidentiality comparable to that of a traditional wired network, several security standards for wireless networks have been developed, as mentioned above. As a rule of thumb, always use the latest security standard for wireless networks your router supports. If it’s only WEP or WPA, strongly consider buying a new router.
3. Password
Even the strongest standard for wireless networks can be utterly useless if you use a weak password. A password is weak if it can be easily guessed. The weakest passwords are names, dates, or simple phrases. A step above them are passwords that are random but too short.
An ideal password is so long that it can’t be brute-forced in any reasonable amount of time. If you have trouble remembering random strings consisting of letters and numbers, consider using a very long sentence instead, preferably something utterly random and ungrammatical. If you ever find yourself wondering how to set up a Wi-Fi password that can withstand the test of time as well as hackers, why not let a random password generator help you out?
4. Channel
The 2.4 GHz band is divided into several channels, 11 in North America.
These channels are sort of like swimming pool lanes. When a swimmer in one lane swims, the waves he or she creates impact swimmers in adjacent lanes. The same thing happens with Wi-Fi networks. When two networks are on the same channel, interference may occur. For this reason, you should configure your Wi-Fi router to broadcast on the least populated channel.
5. NAT
Network address translation (NAT) is a method of remapping one IP address space into another. With NAT, one public IP address can hide a number of private IP addresses.
Many Wi-Fi users encounter NAT-related issues when playing online games, and fixing them requires doing either Port Forwarding or Port Triggering, both of which can be accomplished in the NAT section of most Wi-Fi router management consoles.
6. Quality of Service (QoS)
It is a useful feature of many newer Wi-Fi routers. Essentially, QoS provides the ability to prioritize different applications, users, or data flows to guarantee a certain level of performance. Typically, Wi-Fi users prioritize voice communication or online gaming over file downloads and video streaming.
-
What can you do to protect your home Wi-Fi?
• Change the default password and SSID
• Make sure your password is at least 10 characters long and contains non-alphanumeric characters
• Enable the router’s firewall (if available)
• Enable MAC address filtering
• Disable remote administration
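
The password advice above (random, long, at least 10 characters with a non-alphanumeric character, at most 63 for WPA/WPA2) also bears on the offline dictionary attack discussed earlier. This added example is not part of the original article; it generates and checks a passphrase and estimates how long an exhaustive search would take. The function names and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 94 printable ASCII characters (space left out to avoid invisible typos).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
WPA_MIN, WPA_MAX = 8, 63           # passphrase length limits for WPA/WPA2
ARTICLE_MIN = 10                   # minimum from the article's checklist
ASSUMED_GUESSES_PER_SEC = 1e6      # assumption for illustration, not a measurement


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        problems.append("length outside the 8-63 range of WPA/WPA2")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    if len(passphrase) < ARTICLE_MIN:
        problems.append("shorter than 10 characters")
    if passphrase.isalnum():
        problems.append("no non-alphanumeric character")
    return problems


def generate_passphrase(length=20):
    """Draw a passphrase from ALPHABET with the OS CSPRNG (secrets module)."""
    if not ARTICLE_MIN <= length <= WPA_MAX:
        raise ValueError("length must be between 10 and 63")
    while True:
        # Redraw the rare all-alphanumeric result; the entropy loss is negligible.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string; does not apply to human-chosen words."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_sec=ASSUMED_GUESSES_PER_SEC):
    """Years needed to try every candidate at a fixed, assumed guess rate."""
    return 2 ** bits / guesses_per_sec / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_passphrase(), f"{entropy_bits(20):.0f} bits")
    print(f"8 lowercase letters: {years_to_exhaust(entropy_bits(8, 26)):.4f} years")
```

The entropy figure only holds for randomly generated strings; a sentence or word a person picked has far less, which is why the checker accepts it on form alone and says nothing about guessability.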
-
Remember though that both the access point (router) and the device you’re using on the internet need to be able to support WPA3 in order for it to work. As of now, most of the internet devices we’re using don’t support WPA3 yet. My advice for enterprises is to use WPA3 if possible. For home users, WPA2 is preferable to WEP.
Eventually cyber attackers will find ways to crack or bypass WPA3 encryption. It’s inevitable. All encryption standards become insecure at some point in time. Another concern is that quantum computers and quantum computer network technology will be a real thing that enterprises and governments will be using in only a few years. Quantum computers will be able to crack all of the encryption we use right now very quickly and easily, including wireless encryption.
-
This article was written and published by Meena R, Senior Manager - IT at Luminis Consulting Services Pvt. Ltd, India.