From the course: CompTIA Security+ (SY0-701) Cert Prep

Wireless encryption

From the course: CompTIA Security+ (SY0-701) Cert Prep

Start my 1-month free trial

Wireless encryption

- [Instructor] Network administrators add encryption to wireless networks to protect communications against eavesdropping. Wireless encryption is a best practice for network security. Encryption hides the true content of network traffic from those without the decryption key. It takes an insecure communications technology, radio waves, and makes it secure. The original approach to solving this problem was a technology known as Wired Equivalent Privacy or WEP. WEP was used for a long time, but it is now known to suffer from some very serious security vulnerabilities. And these issues are so significant that security professionals no longer consider WEP secure, and it should never be used on a modern network. A newer technology called Wi-Fi Protected Access, or WPA, replaced WEP all the way back in 2003. This first version of WPA, just called WPA, used the Temporal Key Integrity Protocol, or TKIP, to add security that WEP didn't have. TKIP changed the encryption key for each packet, preventing an attacker from discovering the key after monitoring the network for a long period of time. However, as happens with many security technologies, vulnerabilities in WPA have now come to light that make it a poor choice for use on modern wireless networks. In 2004, WPA2 was released as an upgrade to WPA. Instead of simply trying to add security on to the old web standard, WPA2 uses an encryption protocol that is based upon the Advanced Encryption Standard or AES. This protocol has a really long name, Counter Mode Cipher Block Chaining Message Authentication Code Protocol But you just need to know it as CCMP. Security researchers have discovered some potential issues with WPA2, but it is still considered secure and is widely used. As of 2020, new wireless devices are required to support the WPA3 standard. WPA3 also supports the CCMP protocol, but it adds a new technology called Simultaneous Authentication of Equals, or SAE. SAE is a secure key exchange protocol based upon the Diffie-Hellman technique that provides a more secure initial setup of encrypted wireless communications. So let's sum this up with a quick reference table. You should not operate unencrypted networks because they are definitely vulnerable to eavesdropping, and the original WEP standard is so insecure that it's basically equivalent to running an unencrypted network. The original WPA standard is also now considered insecure, and you should now be running the WPA2 wireless encryption standard and or the newer WPA3 standard.

Contents