Wireless Security
40 min
Wi-Fi Security Protocols
WIRELESS SECURITY EVOLUTION
───────────────────────────────────────────────
WEP (1999)  → 40/104-bit RC4 — COMPLETELY BROKEN ❌
              Can be cracked in minutes with aircrack-ng
WPA (2003)  → RC4 + TKIP — Improved but still vulnerable ❌
WPA2 (2004) → AES-CCMP — ✅ Secure if strong password
              Vulnerable to KRACK (Key Reinstallation Attack)
              PMKID attack captures hash for offline cracking
WPA3 (2018) → SAE (Simultaneous Authentication of Equals)
              ✅ Resistant to offline dictionary attacks
              ✅ Forward secrecy
              ✅ Current recommended standard
───────────────────────────────────────────────
Common Wireless Attacks
- Evil Twin Attack — Rogue AP with same SSID as legitimate network; users unknowingly connect
- Deauthentication Attack — Force clients off network; capture 4-way handshake for cracking
- PMKID Attack — Capture PMKID from AP beacon; no clients needed for WPA2 cracking
- Wardriving — Driving around scanning for unsecured Wi-Fi networks
- Karma Attack — Respond to probe requests; device auto-connects to attacker AP
Enterprise Wireless Security
- WPA2/3-Enterprise — Uses 802.1X + RADIUS server for per-user authentication
- EAP-TLS — Most secure; mutual certificate authentication
- Network Segmentation — Separate guest/BYOD/corporate Wi-Fi VLANs
- WIDS — Wireless Intrusion Detection System; monitors for rogue APs
📡 Best Practices
Always use WPA3-Personal or WPA2-AES with a 20+ character passphrase. Disable WPS (PIN method is vulnerable). Use guest networks for IoT devices. Regularly audit connected devices.
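As an added example (not part of the original lesson), the checks a WIDS sensor from the Enterprise section would apply to a scan result: each network is rated against the evolution table above, WPS is flagged per the best practices, and authorized SSIDs are checked for evil-twin candidates (unknown BSSID) and security downgrades. The Network class, audit_scan function, mode labels and the scan records are all constructed for this illustration, not a real WIDS API.

```python
from dataclasses import dataclass

# Rank of each Wi-Fi security mode, following the evolution table
# (WEP and open are broken, WPA/TKIP weak, WPA2-CCMP acceptable, WPA3-SAE recommended).
MODE_RANK = {"OPEN": 0, "WEP": 0, "WPA-TKIP": 1, "WPA2-CCMP": 2, "WPA3-SAE": 3}

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str
    mode: str          # one of the MODE_RANK keys
    wps: bool = False  # WPS advertised by the AP

def audit_scan(scan, authorized):
    """WIDS-style checks over a list of Network records.
    authorized maps SSID -> (set of authorized BSSIDs, expected mode).
    Returns (bssid, ssid, finding) tuples."""
    findings = []
    for net in scan:
        if net.wps:
            findings.append((net.bssid, net.ssid, "WPS enabled"))
        if MODE_RANK.get(net.mode, 0) < MODE_RANK["WPA2-CCMP"]:
            findings.append((net.bssid, net.ssid, f"weak security: {net.mode}"))
        if net.ssid in authorized:
            bssids, expected = authorized[net.ssid]
            if net.bssid not in bssids:
                # Our SSID from an AP we do not own: evil twin candidate
                findings.append((net.bssid, net.ssid, "possible evil twin: unknown BSSID"))
            elif MODE_RANK.get(net.mode, 0) < MODE_RANK[expected]:
                # Our own AP advertising weaker security than policy requires
                findings.append((net.bssid, net.ssid, f"downgrade: expected {expected}"))
    return findings

# Constructed sample inventory and scan (hypothetical BSSIDs and SSIDs)
AUTHORIZED = {"CorpWiFi": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA3-SAE")}
SAMPLE_SCAN = [
    Network("CorpWiFi", "aa:bb:cc:00:00:01", "WPA3-SAE"),             # healthy corporate AP
    Network("CorpWiFi", "de:ad:be:ef:00:01", "OPEN"),                 # evil twin, open auth
    Network("CorpWiFi", "aa:bb:cc:00:00:02", "WPA2-CCMP"),            # corporate AP downgraded
    Network("Cafe-Guest", "11:22:33:44:55:66", "WPA2-CCMP", wps=True),
    Network("OldPrinter", "00:11:22:33:44:55", "WEP"),
]

if __name__ == "__main__":
    for bssid, ssid, finding in audit_scan(SAMPLE_SCAN, AUTHORIZED):
        print(f"{bssid}  {ssid:<12} {finding}")
```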