Wireless network security, a modern-age necessity for both home and enterprise


Wireless network security, sometimes referred to simply as wireless security, is the part of general network security that protects a wireless network from unauthorized access and malicious attacks.

While wireless network security is usually implemented on the wireless devices themselves, mostly a wireless router or a switch, there are also plenty of dedicated wireless intrusion detection systems (IDS) and intrusion prevention systems (IPS).

Some of the most common wireless security standards are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA).

Wired Equivalent Privacy (WEP) is the most basic and the least secure security algorithm for IEEE 802.11 wireless networks. Created and ratified together with the original 802.11 standard back in 1997, it uses a key of 10 or 26 hexadecimal digits (40 or 104 bits) and offers two methods of authentication: Open System authentication and Shared Key authentication.

Open System authentication does not require the WLAN client to provide any credentials to the Access Point, so any device can connect. Shared Key authentication instead uses the WEP key in the so-called four-step challenge-response handshake.

As noted, WEP offers weak security and was only available on early 802.11a and 802.11b devices built before 2004, when it was superseded by Wi-Fi Protected Access (WPA).

Wi-Fi Protected Access (WPA), later upgraded to Wi-Fi Protected Access II (WPA2), is a more secure wireless network protocol developed by the Wi-Fi Alliance. The WPA protocol adopts much of the original IEEE 802.11i standard, including the Temporal Key Integrity Protocol (TKIP), a “per-packet” key design that dynamically generates a new 128-bit key for each packet and thereby prevents some types of attacks. WPA also uses a Message Integrity Check, which prevents attackers from altering and resending data packets.

WPA comes in several different versions depending on the intended use and the encryption protocol employed.

The most common version is WPA-Personal, also known as WPA-PSK (pre-shared key), which is available with both the WPA and WPA2 protocols and is designed for home or small office wireless networks that do not rely on an authentication server. Each wireless device on the network derives its own 128-bit encryption key from a 256-bit shared key, which can be entered either as a string of 64 hexadecimal digits or as a passphrase of 8 to 63 printable ASCII characters.
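As an added example (not code from the original article), the following Python checks a WPA-Personal secret against the two accepted input formats described above and, for a passphrase, performs the expansion to the 256-bit PSK that IEEE 802.11i specifies: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output. The constructed sample values are taken from the standard's published test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
import re

# A 256-bit PSK entered directly: exactly 64 hexadecimal digits.
HEX_KEY_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def classify_psk_input(secret: str) -> str:
    """Return 'hex' for a 64-hex-digit key or 'passphrase' for 8-63 printable
    ASCII characters; raise ValueError for anything else (rejected by the AP)."""
    if HEX_KEY_RE.match(secret):
        return "hex"
    if 8 <= len(secret) <= 63 and all(32 <= ord(c) <= 126 for c in secret):
        return "passphrase"
    raise ValueError(
        "WPA-PSK secret must be 64 hex digits or 8-63 printable ASCII characters"
    )


def is_valid_psk_input(secret: str) -> bool:
    """Boolean wrapper around classify_psk_input for configuration validation."""
    try:
        classify_psk_input(secret)
        return True
    except ValueError:
        return False


def derive_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key as 32 raw bytes.

    A hex key is used as-is. A passphrase is stretched with PBKDF2-HMAC-SHA1,
    salted with the SSID, 4096 iterations (IEEE 802.11i / WPA-Personal), so the
    same passphrase yields a different PSK on every differently named network.
    Note that a 256-bit PSK derived from a weak passphrase has no more entropy
    than the passphrase itself; the stretching only slows offline guessing.
    """
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    if classify_psk_input(secret) == "hex":
        return bytes.fromhex(secret)
    return hashlib.pbkdf2_hmac(
        "sha1", secret.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


if __name__ == "__main__":
    # Constructed sample: the IEEE 802.11i Annex test vector.
    print(derive_psk("password", "IEEE").hex())
```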

WPA-Enterprise, also available with both the WPA and WPA2 protocols, is designed for enterprise networks and requires an authentication server. Also known as WPA-802.1X, it offers much more security by using one of the various Extensible Authentication Protocol (EAP) methods for authentication.

There is also Wi-Fi Protected Setup (WPS), a simplified key distribution method that carries several security concerns of its own.

While WPA relies on the Temporal Key Integrity Protocol (TKIP) for encryption, which uses the RC4 stream cipher with a 128-bit per-packet key that is dynamically generated for each packet, WPA2 moved to the Counter Mode Cipher Block Chaining Message Authentication Code Protocol, or simply CCMP (CCM mode protocol), which uses Counter Mode with CBC-MAC to protect both the confidentiality and the authenticity and integrity of the packets.

There are plenty of additional measures that can add to wireless network security, including SSID hiding (also known as network cloaking), MAC ID filtering, static IP addressing, or simple general network restrictions.

The future of wireless network security

While wireless network security has kept up with the rising trend, the recently discovered vulnerability in the Wi-Fi Protected Access 2 (WPA2) protocol, called the “key reinstallation attack” and more commonly known as KRACK, has raised the question of whether we need a new level or form of wireless security.

The vulnerability, discovered by Mathy Vanhoef from the University of Leuven, is a “man-in-the-middle” type of attack and mostly affected devices running the Android operating system, which is used mainly on mobile devices; it allowed potential attackers to access data on the network and/or inject malicious code. On the other hand, the vulnerability was easily fixed with system updates.

At the same time, there are plenty of network security companies offering both hardware and software solutions that can keep a wireless network protected and secure. According to Gartner’s 2017 Magic Quadrant for wired and wireless LAN access infrastructure, solutions from vendors such as Cisco, Aruba, Extreme Networks, Huawei, Dell EMC, Fortinet, and others are keeping, and will keep, both wired and wireless networks well secured.