Wi-Fi is the technology for wireless LAN. It is built on the IEEE 802.11 standard. It started small but has become the major standard for connecting endless devices without using cables. One major problem with Wi-Fi is that anyone listening can discover what is being communicated. At the onset, the authentication and privacy protocol for Wi-Fi was very poor. In this article, I want to tell you all that you need to know about Wi-Fi technologies.
Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security protocol in the world. This is a function of age, backwards compatibility, and the fact that it appears first in the protocol selection menus in many router control panels. WEP was ratified as a Wi-Fi security standard in September of 1999.
The first versions of WEP weren’t particularly strong, even for the time they were released, because U.S. restrictions on the export of various cryptographic technology led to manufacturers restricting their devices to only 64-bit encryption. When the restrictions were lifted, it was increased to 128-bit. Despite the introduction of 256-bit WEP, 128-bit remains one of the most common implementations.
Despite revisions to the protocol and increased key size, over time numerous security flaws were discovered in the WEP standard. As computing power increased, it became easier and easier to exploit those flaws.
As early as 2001, proof-of-concept exploits were floating around, and by 2005, the FBI gave a public demonstration (in an effort to increase awareness of WEP’s weaknesses) where they cracked WEP passwords in minutes using freely available software. Despite various improvements, workarounds, and other attempts to shore up the WEP system, it remains highly vulnerable.
Systems that rely on WEP should be upgraded or, if security upgrades are not an option, replaced. The Wi-Fi Alliance officially retired WEP in 2004.
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance’s direct response to, and replacement for, the increasingly apparent vulnerabilities of the WEP standard. WPA was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system.
Some of the significant changes implemented with WPA included message integrity checks (to determine if an attacker had captured or altered packets passed between the access point and client) and the Temporal Key Integrity Protocol (TKIP). TKIP employs a per-packet key system that was radically more secure than the fixed key system used by WEP. The TKIP encryption standard was later superseded by Advanced Encryption Standard (AES).
Despite what a significant improvement WPA was over WEP, the ghost of WEP haunted WPA. TKIP, a core component of WPA, was designed to be easily rolled out via firmware upgrades onto existing WEP-enabled devices. As such, it had to recycle certain elements used in the WEP system which, ultimately, were also exploited.
WPA, like its predecessor WEP, has been shown via both proof-of-concept and applied public demonstrations to be vulnerable to intrusion. Interestingly, the process by which WPA is usually breached is not a direct attack on the WPA protocol (although such attacks have been successfully demonstrated), but by attacks on a supplementary system that was rolled out with WPA—Wi-Fi Protected Setup (WPS)—which was designed to make it easy to link devices to modern access points.
Wi-Fi Protected Access II
WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 is the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP. However, TKIP is still preserved in WPA2 as a fallback system and for interoperability with WPA.
Currently, the primary security vulnerability to the actual WPA2 system is an obscure one (and requires the attacker to already have access to the secured Wi-Fi network in order to gain access to certain keys and then perpetrate an attack against other devices on the network). As such, the security implications of the known WPA2 vulnerabilities are limited almost entirely to enterprise-level networks and deserve little to no practical consideration in regard to home network security.
Unfortunately, the same vulnerability that is the biggest hole in the WPA armour—the attack vector through the Wi-Fi Protected Setup (WPS)—remains in modern WPA2-capable access points. Although breaking into a WPA/WPA2 secured network using this vulnerability requires anywhere from 2-14 hours of sustained effort with a modern computer, it is still a legitimate security concern. WPS should be disabled and, if possible, the firmware of the access point should be flashed to a distribution that doesn’t even support WPS so the attack vector is entirely removed.
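The recommendations so far (retire WEP, stop accepting the original WPA and TKIP, disable WPS) can be checked mechanically against an access point's configuration. The following Python is an added example, not code from the original article; it assumes the access point is configured with a hostapd-style `hostapd.conf`, and the sample configuration and finding codes are constructed for illustration.

```python
# Constructed sample in hostapd.conf syntax (hypothetical network, not from the article).
SAMPLE_CONF = """\
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wps_state=2
"""

def parse_conf(text: str) -> dict:
    """Parse key=value lines, skipping blanks and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(settings: dict) -> list:
    """Return finding codes for the legacy features the article says to retire."""
    findings = []
    if any(key.startswith("wep_key") for key in settings):
        findings.append("WEP")        # WEP is retired: replace it
    wpa = int(settings.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa & 1:
        findings.append("WPA1")       # original WPA still offered: set wpa=2
    # hostapd's documented defaults: wpa_pairwise=TKIP, rsn_pairwise=wpa_pairwise
    wpa_ciphers = settings.get("wpa_pairwise", "TKIP")
    ciphers = set()
    if wpa & 1:
        ciphers |= set(wpa_ciphers.split())
    if wpa & 2:
        ciphers |= set(settings.get("rsn_pairwise", wpa_ciphers).split())
    if "TKIP" in ciphers:
        findings.append("TKIP")       # TKIP fallback accepted: allow CCMP only
    if settings.get("wps_state", "0") != "0":
        findings.append("WPS")        # WPS enabled: set wps_state=0
    if wpa == 0 and "WEP" not in findings:
        findings.append("OPEN")       # no encryption configured at all
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE_CONF)))
```

A configuration with only `wpa=2` set is still flagged for TKIP, because the pairwise cipher falls back to hostapd's default when `rsn_pairwise` is not given.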
Wi-Fi Protected Access III
The Wi-Fi Alliance has introduced the first major security improvement to Wi-Fi in about 14 years: WPA3. The most significant additions to the new security protocol are greater protection for simple passwords, individualized encryption for personal and open networks, and even more secure encryption for enterprise networks.
The original Wi-Fi Protected Access (WPA) standard was released back in 2003 to replace WEP, and the second edition of WPA came the year after. The third edition of WPA is a long-awaited and much-welcomed update that will benefit the Wi-Fi industry, businesses, and the millions of average Wi-Fi users around the world—even though they might not know it.
WPA3 was announced in January and made official with the June launch of the Wi-Fi Alliance’s certification program for WPA3-Personal, which provides more individualized encryption, and WPA3-Enterprise, which boosts cryptographic strength for networks transmitting sensitive data.
Along with these two deployment modes, the Wi-Fi Alliance also unveiled Wi-Fi Easy Connect, a feature that’s supposed to simplify the process of pairing Wi-Fi devices without displays, such as IoT devices; and Wi-Fi Enhanced Open, an optional feature that allows for seamless encryption on open Wi-Fi hotspot networks.
Wi-Fi Protected Access (WPA) was introduced because of the problems with Wi-Fi, which include the fact that the authentication process can be compromised and the fact that it is easy to listen to the conversations.
This did not solve the common network security problem. Wi-Fi Protected Access 2 was introduced to address some of the flaws. It was introduced by the National Institute of Standards and Technology.
WPA2 was based on the Advanced Encryption Standard. It has two levels of authentication. The first level uses shared passwords for authentication and the second level is the enterprise standard, which uses the 802.1X authentication method. WPA 3 was introduced in 2003. Even with this authentication and security, Wi-Fi is still vulnerable if necessary precautions are not taken.
At times, hackers set up an access point in public places in order to steal data from those who connect to that network. These are referred to as honeypots. When these are set up, it is also very easy for hackers to have access to whatever you are doing online. Never use default passwords for your Wi-Fi, and if you are connecting to an organisation’s Wi-Fi, always find out the correct credentials and passwords from the right person in the organisation. Make sure you invest in a travel charger to carry with you wherever you are going.
Make sure you keep an eye on your home network and identify the devices that are accessing it. Note that if a hacker connects to a network, they have access to everything on that network.
With the increase in devices that can access Wi-Fi, such as IoT and BYOD devices, it is critical to manage access points and deal with emerging threats, whether at the corporate office, a remote office or at home. Fortinet has FortiAP, which supports all wireless technologies and has integration capabilities. It is managed by FortiGate and is connected to their next-generation firewall.