{"id":2187,"date":"2021-01-07T09:56:00","date_gmt":"2021-01-07T09:56:00","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=2187"},"modified":"2021-01-11T22:00:15","modified_gmt":"2021-01-11T22:00:15","slug":"what-is-wpa2-how-to-improve-wpa2-security","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/what-is-wpa2-how-to-improve-wpa2-security\/","title":{"rendered":"What Is WPA2 & How Do I Improve WPA2 Security?"},"content":{"rendered":"\n

More than 68% of users rely on this WPA2 Wi-Fi encryption technology, the Wireless Geographic Logging Engine (WiGLE)<\/a> shares. Here\u2019s what to know about WPA2 security for your personal and enterprise wireless networks<\/strong><\/strong>…<\/h2>\n\n\n\n

For a lot of us, the internet is omnipresent. Wireless security may skip our radar while connecting to the public Wi-Fi at coffee shops or the airport to update our social media or reply to emails.\u00a0However, connecting over insecure links or networks is a security hazard that could lead to potential data loss, leaked account credentials, and a litany of other concerns. This is why using the right Wi-Fi security measures is critical. \u00a0But to do that, you need to know the difference between different wireless encryption standards, including WPA2. <\/p>\n\n\n\n

So, what\u2019s the difference between the Wi-Fi at a coffee shop and the one we use in our home or office networks? Let\u2019s break it down!<\/p>\n\n\n\n

How Wi-Fi Works & Why You Need to Secure Your Connections<\/h2>\n\n\n\n

Wi-Fi, the wireless network technology that allows devices to interface with the internet, communicates using radio waves. It\u2019s based on the Institute of Electronics and Electrical Engineers\u2019 standard IEEE 802.11<\/a>. However, this technology is highly susceptible to hacking since weaknesses have been discovered in the protocols upon which they\u2019re based.<\/p>\n\n\n\n

Consider the kind of transactions that occur over the internet via both home and business networks. You could be making online purchases from your home that requires you to enter payment information. At work, you might be accessing sensitive customer data for certain projects. As you can see, both of these networks carry sensitive information that needs to be safeguarded from unauthorized access. This typically involves the use of encryption processes and technologies.<\/p>\n\n\n\n

The need for wireless security arises to prevent any illegal access to maintain data confidentiality and prevent prohibited users from eating away on the connection bandwidth. Unauthorized users can wreak havoc on a network using various means, starting from eavesdropping on the connection to spreading malware across the network. Hackers also can employ a technique called wardriving<\/a>, where they drive around the city mapping Wi-Fi access points<\/a> in search of unsecured networks that they can exploit or use to carry out nefarious activities.<\/p>\n\n\n\n

WPA2 & Other Types of Wireless Encryption Standards<\/strong> Definitions & Explanations<\/strong><\/h2>\n\n\n\n

Let\u2019s look at the different options you can use to secure your networks and the encryption standards that make wireless security possible. As you can see from this timeline, there have actually been several types of wireless security standards that have been in use over the past 20 or so years.<\/p>\n\n\n\n

\"This
A timeline representing the evolution from WEP to WPA3<\/figcaption><\/figure>\n\n\n\n

Wired Equivalency Privacy (WEP)<\/h3>\n\n\n\n

WEP was formally introduced as a Wi-Fi security benchmark in 1999. However, it was part of the original IEEE 80.11 standard ratified in 1997. The idea was to provide a similar level of data confidentiality as wired networks, although that goal wasn\u2019t realized. That\u2019s because WEP uses RC4, a stream cipher<\/a> with multiple vulnerabilities, as its encryption algorithm.<\/p>\n\n\n\n

You see, RC4 relies on an initialization vector to prevent the same plaintext data from generating the same WEP encrypted data. However, the initialization vector is transmitted in plaintext, and by studying enough packets using the same WEP key, an attacker can mathematically derive this key.<\/p>\n\n\n\n

As a result, WEP is the most insecure out of all the encryption standards. WEP offers two modes of authentication:<\/p>\n\n\n\n

  1. Open \u2014 Here, the WEP key is not needed. But if specified, it will be used to encrypt traffic.<\/li>
  2. Shared \u2014 This means that the wireless access points and wireless clients are manually configured with the same key beforehand.<\/li><\/ol>\n\n\n\n

    Wi-Fi Protected Access (WPA)<\/h3>\n\n\n\n

    Wi-Fi protected access, created in 2003, is an improvement over WEP. That\u2019s because it provides enhanced security in terms of key handling and a more efficient user authorization process. WPA was introduced to enhance security for insecure WEP networks without requiring any additional hardware. It relies on the temporal key integrity protocol (TKIP)<\/a> for encryption, which dynamically modifies the keys used. TKIP incorporates key mixing functions that increase the key complexity and make it more difficult for attackers to decode.<\/p>\n\n\n\n

    WPA also incorporates a message integrity check nicknamed \u201cMichael.\u201d Although safer than the CRC-32 checksum<\/a> used for similar integrity checks in WEP, it still has its weaknesses.<\/p>\n\n\n\n

    This brings us to our next type of wireless encryption standard: WPA2. <\/p>\n\n\n\n

    Wi-Fi Protected Access 2 (WPA2)<\/h3>\n\n\n\n

    WPA2, launched in 2004, is the upgraded version of WPA and is based on the robust security network<\/a> (RSN) mechanism. WPA2 operates on two modes \u2014 personal (pre-shared key or PSK) mode or enterprise (EAP\/Radius) mode. As the name suggests, the first is designed for home use while the enterprise mode is typically deployed in a corporate environment. Both of these modes rely on AES-CCMP<\/a>, a combination of counter mode with CBC-MAC message integrity method and AES block cipher for encryption. This makes it more difficult for attackers listening in on the network to spot patterns.<\/p>\n\n\n\n

    Pre-Shared Key or Personal Mode (WPA2-PSK)<\/strong><\/h4>\n\n\n\n

    WPA2 personal uses a shared passphrase for access and is not recommended for a corporate environment. It is usually deployed in home networks where the passphrase is defined in the access point (router), and client devices need to enter the same passphrase to connect to the wireless network. The encryption passphrase is stored on the individual endpoint devices and can easily be recovered. Additionally, every time an employee leaves the organization, or if the passphrase is somehow disclosed, it\u2019ll have to be changed individually on all access points and connecting devices.<\/p>\n\n\n\n

    Enterprise Mode (EAP)<\/strong><\/h4>\n\n\n\n

    The enterprise PA2 has multiple options for Extensible Authentication Protocol (EAP) \u2013 password-based authentication, certificate-based EAP, etc. Note that EAP in and of itself is an authentication framework and can be implemented by adopting various EAP types<\/a>.<\/p>\n\n\n\n

    While WPA2 is a step up from WEP, it\u2019s still vulnerable to key reinstallation attacks<\/a> (KRACK). KRACK exploits a weakness in WPA2\u2019s four-way handshake. An attacker may pose as a clone network and force the victim to connect to the malicious network. This enables the hacker to decrypt a small piece of data that may be aggregated to crack the encryption key. However, client devices can be patched, and it is still more secure than WEP or WPA.<\/p>\n\n\n\n

    This brings us to the next link in the Wi-Fi encryption standards evolution.<\/p>\n\n\n\n

    Wi-Fi Protected Access 3 (WPA3)<\/h3>\n\n\n\n

    WPA3 is now considered the mandatory certification for Wi-Fi CERTIFIED\u2122 devices, according to the Wi-Fi Alliance<\/a>. But what is WPA3 and what makes it different than its WPA2 and WPA predecessors? WPA3 aims to improve some major shortcomings of WPA2 (such as its susceptibility to passphrase brute-force attacks, key reinstallation attacks, etc.). This enables it to provide better security for personal and open networks as well as security enhancements for business networks.<\/p>\n\n\n\n

    A key benefit ofWPA3 is that it provides resilience to brute force attacks even for weak or short passwords. It replaces the WPA2-PSK<\/a> with WPA3 Simultaneous Authentication of Equals (SAE)<\/a>, a secure password-authenticated key exchange method. WPA3-SAE<\/a> does not transmit the password hash in clear and limits the number of guesses an attacker can make. Yet, last year researchers discovered several security flaws (downgrade attacks, side-channel attacks, etc.) in the dragonfly<\/a> handshake used in WPA3 (that replaced the four-way handshake<\/a> used in WPA2).<\/p>\n\n\n\n

    Wi-Fi Alliance has released patches for these vulnerabilities. But given the frequency of Wi-Fi standards failing with KRACK (in the case of WPA2) and dragonblood<\/a>, relying solely on them may not be the smartest choice for securing our networks.<\/p>\n\n\n\n

    5 Tips on Ways to Improve WPA2 Security<\/strong><\/h2>\n\n\n\n

    Many users continue to use WPA2 personal in their home or small business network to access the internet. Here are some pointers you can use to keep your communication secure:<\/p>\n\n\n\n